Jack Mannino, CEO at nVisium, told Threatpost that the focus on routers offers attackers certain advantages.

“Controlling network infrastructure will always be an appealing attacker goal because of the springboard it provides for launching future attacks,” he said. “As a software developer, it’s important to consider that the networks your users access your product from may be compromised, and build this into your threat models. Whether it’s the level of access it provides to network traffic, or the chokepoints and amplifiers for DDoS attacks they present, previous botnets, such as Mirai, gave us a glimpse into what these campaigns can achieve. More security teams focus on their Patch Tuesday fixes than updating the devices they frequently expose directly to the internet.”