Ubiquiti EdgeRouter Hacks May Be Ubiquitous

That Free Patch The FBI Applied Last Week Might Not Be Enough

The FBI sought and received court approval to silently push out an update to Ubiquiti SOHO routers last week, which you may or may not be aware of. The update added firewall rules to prevent these routers from being hijacked by the Russian hacking group APT28, which has been disturbingly effective at doing just that. Once the group has access to a router, it leaves your traffic alone to help hide its activity and instead uses the router to launch attacks. Since these SOHO routers are unlikely to be on a blacklist, and because of the huge number of them running, the sites attacked from these routers won't just immediately block the traffic.

The new firewall settings the FBI added to these routers should prevent new infections from spreading, but they don't resolve the root cause. Anyone running a Ubiquiti router is strongly urged to take several steps. It would be a very good idea to factory reset the router, then upgrade to the newest firmware, and finally do what you should have done in the first place: get rid of any default passwords and usernames!

Once you’ve done that, you might want to look at strengthening your firewall rules, as the attacks will evolve and continue.
