FBI Issues Alert on Exploits of Outdated Routers

Recent cybersecurity threats have intensified as malicious actors exploit aging, unpatched network equipment. The FBI’s Internet Crime Complaint Center (IC3) has issued an urgent public service announcement, cautioning individuals and organizations about the risks posed by outdated routers that have been compromised by cybercriminals. These routers, often no longer supported by their manufacturers, are being used to host proxy services that allow cybercriminals to operate anonymously, further eroding the security of digital networks.

The FBI report has identified several router brands and models as common targets, including Linksys, Netgear, ASUS, and TP-Link, all of which were built around 2010 and have long since ceased receiving security firmware updates. The malware variant known as ‘TheMoon’, first observed in 2014, is now a critical component of these attacks, enabling hackers to transform infected routers into proxy nodes for anonymous cybercrime operations. These infected routers are then sold on illicit platforms and used to route internet traffic through unsuspecting users' connections, allowing criminals to conceal their identities and evade detection.

Users with these older routers are potentially at risk of having their devices compromised, leading to slower internet speeds, exposure to phishing and spyware attacks, and legal repercussions if the compromised routers are used for criminal activities. Businesses face an even greater risk, as outdated routers can serve as entry points for deeper network intrusions, data theft, and ransomware attacks. The consequences for critical sectors could be severe, impacting safety and regulatory compliance.

Experts have recommended several steps to mitigate the risk of router compromise. First, users should replace their routers if they are more than five to seven years old, as these devices are no longer receiving security updates. Second, regular firmware updates should be applied to ensure the latest security patches are in place. Third, remote access should be turned off to prevent unauthorized remote control. Fourth, a strong password should be used for router settings, rather than the default one. Fifth, users should monitor for unusual activity, such as slowed internet speeds or unexpected disconnections, which may indicate a breach. Sixth, victims, or those who suspect a compromise, should report incidents to the FBI’s IC3 to help track and mitigate broader threats.

This is not merely a technical issue but also a matter of accountability. Manufacturers and service providers must play their role in ensuring the security of these devices, even after they are no longer being sold. Ultimately, the responsibility lies with all stakeholders (users, manufacturers, and service providers) to address the long-term risks posed by aging equipment that remains part of the digital infrastructure.