Tuesday, 16 April 2024

DrayTeks end of life! And why you need Next Gen Firewalls

Is your business using DrayTek routers? With some unsupported models still widely used, it is important to act now to replace them. See our recommendations:

Is your business using DrayTek routers? With some unsupported models still widely used, it is important to act now to replace them. Unfortunately, cyber-attackers are targeting the devices – meaning the threat is real and immediate.

 

The Grant McGregor team is no stranger to keeping our customers informed about hardware and software obsolescence. However, this particular announcement comes with an urgent invocation to call us.

 

Which devices are end of life?

DrayTek is a Taiwan-based manufacturer of networking equipment and management systems. Its routers are widely used around the world and here in the UK. 

They are particularly used by small and mid-size businesses which need their VPN, firewall, load-balancing, bandwidth management and VoIP functionality.

For Grant McGregor customers, it’s particularly important to note that the following models have now reached the end of life, are out of support and are no longer receiving security updates:

•    Draytek 2830

•    Draytek 2860

•    Draytek 2862 

These are the only three DrayTek models that we have sold in the past. We need our customers to address any out-of-support hardware.

In addition, it is also worth noting that DrayTek has announced the end of support for:

•    Vigor 2960 and Vigor 3900 went out of support in December 2021 

•    VigorSwitch G2500 & P2500 in January 2022

•    VigorAP 710 in March 2022

•    Vigor2926 Series / 2926 LTE Series, Vigor2952 / 2952P, Vigor2133 Series and Vigor3220 in April 2022

•    VigorSwitch G1085, VigorSwitch P1085, VigorSwitch P1092 and VigorSwitch P2121 in July 2022

•    VigorSwitch G2540x / VigorSwitch P2540x in January 2023

•    VigorSwitch G1280 / VigorSwitch P1280 and VigorAP 810 in February 2023

•    Vigor2762, VigorNIC 132 Series and Vigor2862 / 2862 LTE AnnexA Series in May 2023

•    VigorAP 802, VigorAP 920R Series and Vigor2962P in November 2023.

 

Why is this end-of-life announcement so important?

In March 2023, the Register reported that cyber-security researchers had discovered that the Vigor 2960 and Vigor 3900 routers are subject to a malware attack.

The same researchers also found that, at that time, the models were still in widespread use. Scans showed that more than 4,000 of the devices were exposed to the Internet. It found that devices in North America, Latin America and Europe had been compromised.

Once the devices are compromised, the attackers install known malwares: Hiatus and a variant of the tcpdump packet analyser. HiatusRAT is a remote access trojan which first checks for processes running on the router’s 8816 port and kills anything it finds to ensure that it is only the RAT running on the router. It then collects information about the compromised router. It can also subvert the router to act as a proxy device. It can then launch further attacks across the network.

The researchers found evidence that the malware campaign had begun at least as early as July 2022. However, the researchers have not discovered how the devices were compromised. 

Even if the means of attack was discovered, the fact that they are out of support means that a fix is unlikely to be forthcoming. Users have no choice but to remove the devices from operation and replace them with a suitable alternative.

Note that this advice isn’t limited to only the Vigor 2960 and Vigor 3900 routers. Any device which is end of life and is no longer supported poses a risk. Patches, bug fixes and solutions to known vulnerabilities will not be issued and you are therefore exposed to greater cyber risk.

 

What should your use as a suitable alternative?

There are many options for your replacement device. You can speak with our team if you would like recommendations for routers that would be suitable for your workloads and infrastructure.

Grant McGregor frequently recommends the WatchGuard Next Generation Firewall (NGFW) devices. The Watchguard next-gen firewalls are ideal for small, midsize, and distributed enterprise organisations.

WatchGuard designs its network security appliances from the ground up to focus on ease of deployment, use, and ongoing management as well as, of course, providing the strongest security possible.  

Grant McGregor recommends Watchguard NGFs because they provide more than a firewall; they provide additional security such as Gateway Anti-Virus, DNS protection and web filtering. They also hook into our management system so that we can monitor them, and keep their firmware updated. This is important to protect your business and for your Cyber Essentials certification.

Of course, the best approach to security is a layered approach. That’s why, although every Watchguard Firebox can be purchased as a stand-alone NGFW appliance, WatchGuard strongly recommends that customers adopt a full security suite. It says the Firebox network security appliances offer the strongest security against network threats when running WatchGuard’s Total Security Suite.

 

Act now to protect your business

If you think you might have Vigor routers in your network which are no longer supported, please investigate at your earliest opportunity. If you would like assistance with this, please reach out to our team. We will be happy to help.

We also recommend that you speak with the Grant McGregor team about next-generation firewalls. 

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us

Further reading

You can get more advice about cybersecurity topics on our blog:

•    Server 2012 is end of life: Act now!

•    Do your backups include this important information?

•    Is your business data at risk? Don’t take chances with old tech

•    Why you must start planning early for Windows 10 end of life

•    Should your organisation be leasing your IT hardware?

•    Is your organisation doing enough on supply chain security?

•    Why is cyber security so difficult in industrial environments? And what to do about it

•    How to minimise the risk from phishing