Really, How Bad Do Routers Have It?

In recent years, the United States government has warned the public that state-sponsored cyber actors conduct worldwide exploitation of network devices, particularly small business and home office routers, to support their campaigns.Quantitative analysis of ten years of Internet Storm Center data and current Shodan data was conducted to explore the scope of the router attack surface compared to that of host devices.This investigation determined that hosts are targeted more than twice as much as routers on average, even when controlled for relative number of devices.While the data shows that routers are not targeted as often as hosts, router security must be scrutinized from the early stages of research and development through field deployment.Recommendations for device manufacturers, Internet Service Providers, and cyber security practitioners are provided.