How Firewall Appliances can be Targeted by Hackers

August 2023

If you’re like most computer users, you consider a firewall to be among your best lines of defense against online attacks. And up until recently, you would probably be right. 

Unfortunately, recent events have revealed that firewall appliances, including wireless routers and other devices, can be just as vulnerable to malware attacks as any other Internet-connected device in your home or business.

How Are Firewall Appliances Susceptible to Malware?

In late February of 2022, it was announced that the notorious hacker group Sandworm had used malware (now known as Cyclops Blink) to infiltrate firewall devices sold by networking hardware company WatchGuard. Although the malware was only recently discovered, it has been tied to firewall devices dating back to at least June of 2019. As of March 2022, the malware is suspected to have infected devices across a wide range of countries, including:

  • The United States
  • Russia
  • India
  • Italy
  • Canada

How is it possible for these devices to be infected with malware when they are designed to protect against it? It’s not yet clear exactly what made this type of vulnerability possible, but experts suspect that the malware may have been patched into an existing update for the hardware back in May of 2021.

It is also currently unknown what plans the Sandworm group may have for the malware attack. While the current list of victims is relatively small (with WatchGuard estimating that as few as 1% of its devices may be affected), only time will tell the true extent of the damage. In the past, Sandworm has used malware and other firewall attack methods to take down electrical grids, communications infrastructure, and more. With this in mind, it’s important not to downplay the potential severity of this type of attack.

Watching For Signs of a Malware Infection

Those with WatchGuard firewall devices, including routers and modems, should be on the lookout for potential signs of a malware infection on their devices. Specifically, devices that are compromised (or thought to be compromised) should be unplugged and disconnected from the network altogether. Doing so can help to prevent the spread of malware to other devices.

Protecting Your Firewall From a Malware Attack

Unfortunately, it doesn’t appear that there’s a surefire way to avoid this new wave of firewall attacks. Time and time again, hacker groups have proven that they will continue to develop firewall attack methods to overcome whatever protection users have in place.

Still, there are some common-sense measures administrators and users can take to maximize their firewall network protection and protection from other cybersecurity threats. These include changing passwords regularly and never sending sensitive information over a public Wi-Fi network. Likewise, relying on a secure firewall server in the form of a dedicated server can provide an additional layer of protection (along with some much-needed peace of mind).
