
Important cybersecurity warning for small businesses


The UK’s National Cyber Security Centre (NCSC) has issued new warnings about a Russian state‑linked hacking group known as APT28. This group has been breaking into everyday internet routers, often the same type used in small offices and home workplaces, to steal passwords and other private information. They do this by quietly changing how the router directs internet traffic, sending people to fake websites that look real. From there, attackers can capture login details for email and other online services.


Attackers cast a wide net, trying to break into as many vulnerable routers as possible. Once inside, they focus on targets that seem valuable, meaning any small business could be caught in the middle without realising it.


Why this matters to small businesses


Small firms often rely on simple, off‑the‑shelf routers. If these devices are left with old software or default passwords, they become easy targets. Once a router is taken over:


  • Every device connected to it (laptops, mobiles, tablets) can be quietly redirected to fake websites.

  • Staff may enter real passwords into convincing copies of common services like Outlook.

  • Hackers may gain ongoing access to emails, accounts, and other sensitive business information.


It’s a silent threat: everything may appear normal while your data is being stolen in the background.


What actionable steps can be taken?


There are several key steps that directly help defend against this type of attack:


  1. Use strong passwords and two‑step verification

    If attackers do get into your router, stolen passwords are less useful when accounts also require a second step, like an app code, to log in.

  2. Keep your devices updated

    Many of the hacked routers were vulnerable because they were running old software with known security gaps. Keeping routers up to date closes these holes.

  3. Secure your internet router, which may mean checking with your MSP or building management if someone else maintains the routers

    The NCSC stresses how important it is to protect router settings, change default passwords, and turn off remote access if you don’t need it. This makes it much harder for criminals to break in.

  4. Be alert to fake websites

    Because attackers redirect your traffic, you may see login pages that look real but aren’t. Training staff to be cautious helps reduce the risk of entering sensitive details in the wrong place.

  5. Keep an eye on your systems

    Regularly checking router settings and watching for unusual behaviour, like slow internet or login issues, can reveal problems early.


If you haven’t taken up our Security Awareness Training yet, it provides useful advice and guidance on the points above. Otherwise, please reach out to your CRC team, who can offer you a 1-2-1 consultation.


 
 

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
