Blogs

NCSC Advisory: Why weak routers are the new front door to cyber attacks

Written by Ian Robinson | Jul 16, 2026 2:25:58 PM

This week, the UK National Cyber Security Centre (NCSC) – along with similar agencies from 12 other countries – co-released a new advisory urging critical; infrastructure organisations to improve their defences against cyber-attacks by Russian intelligence services.

The warning highlights the “global exploitation of poorly configured routers.”

Attackers are taking advantage of what has been left open

Modern environments are like systems with lots of parts, such as routers and switches, all working together. Attackers get this.  They go after the network devices that people often think are fine.

They are set up once and forgotten. We have seen this time and again with attacks like Volt Typhoon and Salt Typhoon, which exploited weaknesses in routers and switches to gain long-term access to networks.

We shouldn’t need the NCSC to remind us default passwords are a risk

But while the NCSC advisory specifically condemns the Russian FSB’s Centre 16, the attack methods it highlights do not demand the resource of a state-sponsored agency.

They’ve been scanning for routers that still use weak, vulnerable versions of SNMP with simple passwords. They’ve been exploiting long-known vulnerabilities in Cisco devices and its Smart Install feature.

The vulnerabilities identified could be targeted by any criminal group

These are basic attack routes that could just as readily be targeted by criminal groups or even individuals.

Historically, the additional heft of state-sponsored groups may have been needed to automate the search, but AI is putting that capability in each of many more potential adversaries.

Yet in most instances, the exploitable vulnerabilities that are being targeted can be readily and rapidly addressed by configuration changes. You just need to spot them.

At Titania, our Best Practice Security Audit report has been pinpointing both these issues for years, and providing customers with straightforward guidance to remediate them.

Why does it take the threat of Russian spies to compel organisations to act?

For some, there is the excuse that they’re using legacy routers where configuration can only be changed by taking the device offline.

But given how long ago these specific exploitable vulnerabilities were identified, and how widely they are known about, this seems a weak argument.

There has been ample time to redesign the overall network, building in high availability considerations and disaster recovery – which would seem essential for fundamental operational reasons.

These capabilities can then be used to enable older devices to be patched and configured safely, without disrupting operations.

Surely a planned outage on your own terms is preferable to one caused by an attack?

Can’t fix your routers? Focus on network segmentation

Finally, if there is really no way of fixing your routers, then you need a different approach – because in a world where Advanced Persistent Threats can use automated scanning to find the weak spots, it becomes a question of when they will find them, not if.

The best protection comes through network segmentation, backed by least privilege access principles, especially for the most critical assets.

That way, if Centre 16 or any other threat gets past your unprotected entry points, their ability to move laterally is restricted and the potential blast radius of the incursion is contained.

Network segmentation is something we recommend to even those with the most robust patching regimes, because it provides the defence in depth that’s needed to protect against undetected lateral movement within the network: a far more advanced attack mode than the ones covered in the current advisory.

Harden your network against exploitations before attackers find the gaps

Learn more about our vulnerability management audits for network devices and if your priority is checking Cisco devices, read our dedicated guide to Cisco device configuration auditing & security best practices.