Routers and IoT Devices Under Attack – Cybersecurity Threats Are Growing Rapidly

In recent years, internet-connected devices, especially IoT (Internet of Things) and consumer-grade routers, have become primary targets for cybercriminals. In 2024, scanning attacks aimed at identifying vulnerabilities worldwide increased by 91%. This rise is significantly higher than in previous years and serves as a concerning signal for the cybersecurity industry.

According to the “Sensor Intel Series” report published by F5 Labs in February 2025, scanning attacks in 2023 increased by only 5% compared to 2022, whereas in 2024, this figure surged to 91%. This indicates that any internet-connected device is becoming increasingly vulnerable to cyber threats.

Initially, researchers assumed that the increase in scanning activity was driven by CVE-2023-1389, a vulnerability in the TP-Link Archer AX21 router. However, further analysis confirmed that even without considering this specific vulnerability, the overall scanning attacks still rose by 91%, demonstrating the growing interest of cybercriminals in internet-connected devices.

42% of these scanning attacks targeted IoT devices and consumer routers. The CVE-2023-1389 vulnerability in the TP-Link Archer AX21 router has been the most scanned vulnerability over the past six months.

Additionally, in January 2025, CVE-2024-3721 (a command injection vulnerability in TBK DVR models) became one of the main targets of attackers. Exploitation attempts related to this vulnerability doubled, making it the fourth most targeted flaw. This highlights how quickly attackers seek to exploit newly discovered vulnerabilities.

While many internet users assume that cyberattacks originate mainly from botnets, analysis has shown that the majority of scanning attacks actually come from large hosting providers. According to F5 Labs, 75% of all attacks originate from just 20 ASN (Autonomous System Numbers).

The largest source of scanning activity was the Lithuania-based company UAB Host Baltic, responsible for 20% of all observed traffic. Surprisingly, this company conducted such a vast number of attacks using only 62 IP addresses, indicating that cybercriminals are extensively leveraging large cloud hosting services.

Researchers also noted that some hosting providers have started taking action against such activities, but the overall situation remains alarming.

Currently, any internet-connected device is at risk. You can enhance your device’s security by taking the following measures:

1️⃣ Install security updates for routers and IoT devices
Regularly update your devices with the latest firmware releases from manufacturers to patch exploitable vulnerabilities.

2️⃣ Change default passwords
If you still use the default passwords on your router or IoT devices, change them immediately to complex passwords and enable two-factor authentication (2FA).

3️⃣ Disable SSH and UPNP services
If your router or IoT device has SSH or UPNP (Universal Plug and Play) enabled, disable these features. Many attacks exploit these services.

4️⃣ Use network monitoring and IDS/IPS systems
Monitor network traffic and use Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) solutions to block suspicious activities.

5️⃣ Restrict access by limiting IP addresses and unused ports
Allow access to your router only from trusted IP addresses and close unused ports.

6️⃣ Optimize DNS security settings
Replace your router’s default DNS servers with secure alternatives like Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8 to prevent phishing attacks and malicious traffic.

As the number of internet-connected devices continues to grow, cybercriminals are becoming more aggressive in exploiting vulnerabilities. The record-breaking scanning attacks recorded in 2024 signal the emergence of a new level of threat.

Users and businesses must take proactive measures to secure routers and IoT devices now. Otherwise, global threats will continue to escalate, potentially causing severe damage.

Cybersecurity is an ongoing process. Therefore, always keep your systems updated in line with technological advancements!