
Threat Brief: Cyber Attackers Using Your Home Router To Bring Down Websites

Christopher Budd


Category: Threat Brief, Unit 42


In recent research, Palo Alto Networks found that attackers were targeting home routers to take control of them and use them in attacks that can bring down other websites. Here we explain this type of attack and what you should do.
Why should I care, what can it do to me?
These attacks could affect you in two ways:

  1. They can slow down or disrupt your internet connection,
  2. They can also make you an unwitting participant in attacks against other websites.

What causes this kind of attack?
Weak passwords and out-of-date software can both enable attackers to take complete control of your home router.
How can I prevent it?
Attackers take over home routers like this by going after default passwords and out-of-date software on the routers. An easy thing you can do is restart your router once a week (typically by unplugging it).
You can also stay safe by changing the password on your router and updating the software. If you’re not sure how to do this, contact the Internet Service Provider (ISP) that gave you the router for help.
How does it work?
When devices (in this case, the routers) are under someone else’s control like this, the collection is referred to as a “botnet”, a network (-net) of remotely controlled systems or devices (bot-).
When attackers have complete control of your home router, they can install attack software that they control, turning the device into a “bot”. Attackers can make all the controlled routers in a botnet do anything they want, including sending huge amounts of data to try to bring websites down.
These kinds of attacks are called “Distributed Denial of Service” or “DDoS” attacks. Attackers use them to take down websites for several reasons:

  • Personal or political reasons
  • To blackmail websites to pay money or face attack
  • To act as a diversion for other more serious attacks
  • Simply to create mischief

Threat Briefs are meant to help busy people understand real-world threats and how they can prevent them in their lives.
They’re put together by the Palo Alto Networks Unit 42 threat research team and are meant for you to read and share with your family, friends, and coworkers so you can all be safer and get on with the business of your digital life.
Got a topic you want us to write about for you, your friends, or your family? Email us at u42comms@paloaltonetworks.com.


  1. Terry Critchley says:

    Can we have a list of routers most at risk plus how to add any fixes to them if available?

    1. Christopher Budd says:

      Hi, thanks for reading. In the recent research we cited in this posting we list some of the routers.
      But all devices get updates, so a good rule of thumb is to just assume you need to check your router for updates regularly.

  2. E says:

    Why does restarting the vulnerable router help to solve the problem?

    1. Christopher Budd says:

      Hi, thanks for reading. Most of the malware that attacks devices like this is resident only in memory. So a reset will clear it if you’re infected.
      The right answer is to update, but a proactive, regular rebooting of your router can be a good practice as well.
      And in my own experience at home, it generally helps keep things working best.
      Thanks again for reading.
