Emerging Threats

Targeted attacks now moving into the IoT and router space

Written by a NortonLifeLock employee


Recently, there have been reports in the media and online about state sponsored, targeted attacks moving into the router and IoT security space. While not an immediate threat to consumers, these kinds of attacks are examples of what could potentially be in store for router security in the coming months and years. 

What does this mean for me?

Reports like these are reminders that we should pay more attention to the security of our router and home wi-fi. Once a home network is compromised via the router, an attacker can gain access to a treasure trove of information about you and your family, from just about any device connected to your home network.  

This personally identifiable information can range from names, dates of birth, Social Security numbers, healthcare information, tax records and so much more. With this data in hand, attackers may be able to use stolen log in credentials to access your online accounts, use Social Security numbers to open new accounts in your name and could even get arrested and give out your information.

What is happening?

The United States Computer Readiness Team (US-CERT), an organization within the Department of Homeland Security responsible for analyzing and responding to cyber threats, has published a warning about the exploitation of network devices, including routers, by a state-sponsored attack group. For now, the targets lie within government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. It’s also believed that small office home office (SOHO) users are being compromised as well.The FBI believes that cyber attackers are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.

Why should I care?

Symantec’s annual Internet Security Threat Report found a 600% increase in IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices. Routers were also the most frequently exploited type of device, making up 33.6% of IoT attacks. With Norton Core, our secure Wi-Fi router, we’ve blocked more than 45 million threats since August 2017 in the U.S.

What is a state sponsored attack group?

A state sponsored attack group is an organized group of hackers that are driven by intelligence gathering, disruption, sabotage, or financial gains. These groups may often be supported by a form of government.

These groups carry out what are called targeted attacks. In the past, these targeted attacks have been mostly linked to espionage. However, in recent times, the lines have started to blur, as we’ve seen a number of groups branch out beyond espionage. 

How to stay protected:

For those who may be concerned, we have some tips and best practices that you can do on your own to help protect your home network and IoT devices:

  • When setting up a new router, it is important to always change the default password to a unique, strong password and enable two-factor authentication, where possible.
  • Use a WPA2 encrypted Wi-Fi network rather than an open hotspot at home, and create a guest Wi-Fi network for guests and unsecured IoT devices.
  • Remember, just because your router may require a password, it does not mean it’s secure. Many routers have default credentials that can be accessed through a simple online search.
  • Don’t use IoT devices to store sensitive information such as passwords or credit card numbers.
  • When using an IoT device, turn off purchasing if not needed or set a purchase password.
  • Use a secure Wi-Fi router such as Norton Core that helps protect home networks – and an unlimited number of connected devices – against cyber threats before they infiltrate home networks. Norton Core was designed with security in mind from the ground up to harden many of the risks found in traditional routers.

Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.