Urgent Warning: Protect Yourself from the New ‘Rising Risk’ Attack—Reset Your Router Password Today!

Update, Jan. 5, 2025: This article, initially published on Jan. 4, now includes a user guide detailing how to adjust your router admin credentials from beginning to end.

Cybercriminals are ideally positioned to infiltrate networks due to supposedly secure devices safeguarded with factory default credentials. This is the main point from a recent analysis by threat intelligence specialists at IBM’s X-Force division, which cautioned that a router assessment is necessary following findings that 86% of routers continue to employ default admin credentials. Here’s what you should understand and actions to take.

ForbesAvoid Double Clicking—New Chrome, Edge, Safari Hack AlertBy Davey Winder

A Router Assessment Can Shield You From Cyber Attacks

As previously reported, investigators at Broadband Genie revealed that 86% of individuals had never modified their router admin credentials from the original factory defaults. At all. What’s the issue here? It implies that I probably know your admin login credentials. Any moderately skilled hacker recognizes how straightforward it is to locate specific default credentials for just about any router brand and model. There are even dedicated search engines for this purpose. Unfortunately, it escalates. Broadband Genie also noted that 56% of internet users had never altered any of the default router configurations. None. Additionally, 89% had never updated their router firmware. This leaves any newly discovered vulnerabilities right where they were when manufactured. This situation elucidates why IBM’s X-Force analysts have issued the router assessment warning. “Why invest time and resources into crafting phishing emails and pilfering employee data,” Doug Bonderud remarked at the IBM X-Force Security Intelligence blog, “when supposedly secure devices can be accessed simply using admin and password as credentials?”

ForbesCritical New Email Hacking Alert—Passwords And Email Contents CompromisedBy Davey Winder

The Escalating Threat Of Router Attacks

Alerting about the increasing threat of router attacks, Bonderud emphasized that cybercriminals who succeed in compromising routers can manipulate both incoming and outgoing network data, introducing various risks such as redirecting users to harmful websites, executing man-in-the-middle data theft operations, exploiting distributed denial of service attacks as part of a larger botnet comprising compromised routers like the Matrix, and monitoring user behavior. “The nature of router attacks also complicates detection,” Bonderud cautioned, “because cybercriminals are not physically breaking into routers or taking circuitous paths to bypass security measures.”

In my previous coverage addressing the dangers of default router credentials, Alex Toft, Broadband Genie’s broadband expert, stated that leaving the password unchanged from the default is the simplest method for someone to gain entry to your router, essentially serving as “an open invitation for malicious individuals to snoop around and take what belongs to you.” The crux of the matter is that mitigating this is not overly challenging because if you select a sufficiently strong password, there’s genuinely no necessity to modify it again unless you suspect it has been violated. Additionally, you can utilize a password manager to both formulate such a password and securely store it, ensuring that recalling it when needed is not a concern.

ForbesGoogle Chrome 2FA Bypass Breaches Verified—Millions Of Users At RiskBy Davey Winder

Step-By-Step: Modifying Your Router Admin Credentials

Before we commence with this detailed guide, please remember that we are discussing changing your router admin login details rather than your wireless password. The fact is that it’s the admin username and password defaults that hold the most asset value to a potential intruder.

1. Access the router configuration settings page. There are numerous methods to identify this if you’re unaware; referencing your router manual or online documentation is a sensible starting point. You can also inspect the label on the bottom of your router as it typically displays the default settings address. Alternatively, try typing 92.168.0.1 or 192.168.1.1 in your web browser. Lastly, there’s the highly technical route of entering ipconfig into the Windows command prompt and locating the router IP address under the default gateway setting.
2. Input the existing default admin username and password. Try admin and password; this might work. If not, find the defaults via an online resource like the Router Passwords search engine. Don’t forget to check your documentation, too.
3. Navigate to the account management section, usually located somewhere along the lines of Advanced|System Tools|Administration, but consult the documentation if you’re struggling to locate it.
4. Alter your router admin username and password to something unique, save your modifications, and you’re finished.