Threat actors are preying on antiquated routers that have reached the end of their life and patch-support cycle, according to an alert from the Federal Bureau of Investigation (FBI), which said it has seen a surge in attacks against network gear that no longer receives regular security updates.

The FBI alert said it had observed renewed activity against vulnerable routers that have not been updated in some time. Specifically, it has seen an increase in attacks using malware known as “TheMoon.”

“End of life routers were breached by cyber actors using variants of TheMoon malware botnet,” the FBI said. “Recently, some routers at end of life, with remote administration turned on, were identified as compromised by a new variant of TheMoon malware.”

The malware itself is a rather dated piece of binary nastiness. TheMoon was first spotted in 2014 and has been identified as the culprit in a number of attacks on corporate networks and enterprise equipment. Like its targets, the malware has stood the test of time, thanks to defender apathy and its continued effectiveness.

Many organizations treat their network equipment as a secondary priority when it comes to patching and upgrades. As a result, devices are left exposed to years-old vulnerabilities that vendors patched long ago and for which working exploits have been circulating for just as long.

This creates a problem for administrators, who are left to secure devices that are out of support and have no official means of obtaining security updates despite ongoing exploit attempts from threat actors.

“TheMoon does not require a password to infect routers; it scans for open ports and sends a command to a vulnerable script,” the FBI said in its alert. “The malware contacts the command-and-control (C2) server and the C2 server responds with instructions, which may include instructing the infected machine to scan for other vulnerable routers to spread the infection and expand the network.”

Aside from replacing end-of-life network hardware with newer gear that is actively receiving security and stability updates, the best avenue administrators and network defenders can pursue is to make sure their internet-facing appliances are patched to the latest supported version and are continuously monitored for suspicious activity. Additionally, strong policy practices such as disabling remote administration functions can at least reduce the attack surface and close off some of the common means of entry attackers use.

“Use strong passwords that are unique and random and contain at least 16 but no more than 64 characters,” the FBI advised. “Avoid reusing passwords and disable password hints.”

At the end of the day, however, the issue comes down to organizational problems. If management cannot see fit to provide IT staff with equipment that is at least recent enough to be getting firmware updates and security patches, enterprises will inevitably be at risk of network intrusions and data breaches.
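The mitigations above (retire end-of-life gear, keep remote administration switched off, use unique passwords of 16 to 64 characters, do not reuse them) can be turned into a routine inventory check rather than left as advice. The following Python script is an added example written for this page, not code from the FBI alert or from any router vendor. The hostnames, dates and passwords in it are constructed, and the one-year "stale firmware" threshold is an assumption of the example, not FBI guidance; the FBI's "random" requirement is not verified because randomness cannot be judged from the string alone.

```python
"""Audit a router inventory for the conditions the FBI alert calls out:
end-of-life firmware (no vendor patches), remote administration enabled,
and passwords that break the 16-64 character / no-reuse guidance.
All inventory data below is constructed for this example."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

STALE_FIRMWARE_DAYS = 365  # assumption of this example, not FBI guidance


@dataclass
class Router:
    name: str
    firmware_date: date         # build date of the running firmware
    vendor_eol: Optional[date]  # date vendor support ended; None = still supported
    remote_admin: bool          # management interface reachable from the WAN
    admin_password: str


# Constructed sample inventory (hypothetical hostnames, dates and passwords).
INVENTORY = [
    Router("edge-rtr-01", date(2016, 3, 10), date(2019, 12, 31), True, "admin1234"),
    Router("edge-rtr-02", date(2024, 11, 2), None, True, "kX9#vL2$pQ7!mN4@zB1&"),
    Router("branch-rtr-03", date(2023, 6, 15), None, False, "kX9#vL2$pQ7!mN4@zB1&"),
]
AUDIT_DATE = date(2025, 5, 8)  # constructed "today" so the run is reproducible


def password_findings(pw: str, seen_before: bool) -> List[str]:
    """Apply the FBI's stated guidance: 16 to 64 characters, never reused."""
    out: List[str] = []
    if not 16 <= len(pw) <= 64:
        out.append(f"password length {len(pw)} outside 16-64")
    if seen_before:
        out.append("password reused on another device")
    return out


def audit(routers: List[Router], today: date) -> Dict[str, List[str]]:
    """Return {router name: [findings]} for every router with at least one finding."""
    findings: Dict[str, List[str]] = {}
    seen_passwords = set()
    for r in routers:
        f: List[str] = []
        eol = r.vendor_eol is not None and r.vendor_eol <= today
        if eol:
            f.append(f"end of life since {r.vendor_eol.isoformat()}: no vendor patches available")
        # The alert's compromised devices were EOL *and* had remote admin on;
        # that combination is the one to fix first.
        if r.remote_admin and eol:
            f.append("CRITICAL: remote administration enabled on an end-of-life router")
        elif r.remote_admin:
            f.append("remote administration enabled: disable it or restrict to management network")
        # Supported device that simply has not been updated in a long time.
        if not eol and (today - r.firmware_date).days > STALE_FIRMWARE_DAYS:
            f.append(f"firmware older than {STALE_FIRMWARE_DAYS} days: check vendor for updates")
        f.extend(password_findings(r.admin_password, r.admin_password in seen_passwords))
        seen_passwords.add(r.admin_password)
        if f:
            findings[r.name] = f
    return findings


if __name__ == "__main__":
    for name, items in audit(INVENTORY, AUDIT_DATE).items():
        print(name)
        for item in items:
            print("  -", item)
```

Run against the constructed inventory, edge-rtr-01 is reported as end of life with remote administration on (the exact profile the alert describes) and a nine-character password; edge-rtr-02 is current but exposes remote administration; branch-rtr-03 is flagged only for stale firmware and for sharing its password with edge-rtr-02. Feed the script your real inventory export and vendor EOL dates to get the same triage list for your estate.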