Routers allow multiple devices to use the same internet connection. They accomplish this by directing traffic: outbound traffic from internal devices is routed along the most efficient path to outside-facing services, and incoming data is sent to the appropriate endpoint.

If attackers manage to compromise routers, they can control both what comes out of and what goes into your network. This introduces risks such as:

Redirecting users to malicious web pages

Conducting man-in-the-middle (MITM) attacks to steal data

Carrying out DDoS attacks as part of a larger botnet

Monitoring user behavior with IoT devices

The nature of router attacks also makes them hard to detect. This is because cyber criminals aren’t forcing their way into routers or taking circuitous routes to evade security defenses. Instead, they’re taking advantage of overlooked weak spots to access routers directly, which means they aren’t raising red flags.

Consider a router with “admin” as the login and no password. A few simple guesses get attackers into router settings without triggering a security response since they haven’t breached a network service or compromised an application. Instead, they’ve accessed routers the same way as staff and IT teams.
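Because such a login looks like any other administrator session, spotting it depends on context such as where it came from and what preceded it. The following is an added example, not part of the original article: a small review of router admin-login records that flags successes from outside the management range or right after a few failed guesses. The log format, the sample lines, the function name and the management subnet are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical router web-admin log format.
SAMPLE_LOG = """\
2024-05-01T09:00:12 webadmin login user=admin src=192.168.1.10 result=success
2024-05-01T23:41:03 webadmin login user=admin src=192.168.1.77 result=fail
2024-05-01T23:41:09 webadmin login user=admin src=192.168.1.77 result=fail
2024-05-01T23:41:15 webadmin login user=admin src=192.168.1.77 result=success
2024-05-02T02:10:44 webadmin login user=admin src=203.0.113.5 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) webadmin login user=(?P<user>\S*) "
    r"src=(?P<src>\S+) result=(?P<result>success|fail)$"
)

def review_admin_logins(log_text, mgmt_networks, guess_threshold=2):
    """Return (timestamp, source, reason) for admin logins worth a look."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    recent_fails = defaultdict(int)  # failures per source since its last success
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not admin-login records
        src = m["src"]
        if m["result"] == "fail":
            recent_fails[src] += 1
            continue
        addr = ipaddress.ip_address(src)
        if not any(addr in n for n in nets):
            findings.append((m["ts"], src, "success from outside management range"))
        elif recent_fails[src] >= guess_threshold:
            findings.append(
                (m["ts"], src, f"success after {recent_fails[src]} failed guesses"))
        recent_fails[src] = 0  # a success resets the guess counter
    return findings

if __name__ == "__main__":
    # Assumed management range for the constructed sample.
    for finding in review_admin_logins(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(finding)
```

A login that succeeds on the first try from inside the management range is not flagged, which is why a default or empty admin password has to be fixed on the router itself rather than left to log review.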