Key Takeaways:
- Forescout's 2026 Riskiest Connected Devices report found that routers have climbed to the number one risk position among IT devices, with an average of 32 vulnerabilities per router or switch.
- The U.S. Department of Justice disrupted four major IoT botnets in March 2026 that had compromised over 3 million devices worldwide, including routers, cameras, and DVRs used in record-breaking cyberattacks.
- AI-powered attacks targeting IoT devices have surged significantly in 2026, with autonomous malware that can adapt and evolve faster than traditional security tools can respond.
Routers Are Now the Biggest Security Risk on Your Network
If you have not thought about your router's security in a while, 2026 is the year to start paying attention. According to Forescout's annual Riskiest Connected Devices report, published March 23, 2026, routers have jumped from the fifth riskiest IT device in 2025 all the way to the number one position this year. That is not a new trend either. Routers also held the top spot in 2022 and 2024.
The report, which analyzed millions of devices across enterprise and consumer networks, found that routers and switches now carry an average of roughly 32 known vulnerabilities per device. They also account for about one-third of the most critical vulnerabilities found across all organizational networks. In simple terms, your router is statistically the weakest link in your home or office setup.
This is not just a corporate IT problem. The same vulnerabilities that make enterprise routers attractive to attackers also exist in the consumer-grade routers that most people use at home. Outdated firmware, default login credentials, and unpatched security holes create easy entry points for anyone looking to exploit them.
A Massive Botnet Takedown Shows the Real-World Impact
If the Forescout data sounds abstract, the news from the U.S. Department of Justice makes the threat very concrete. On March 20, 2026, the DOJ announced it had disrupted the infrastructure behind four major IoT botnets: Aisuru, Kimwolf, JackSkid, and Mossad. Together, these botnets had infected more than 3 million devices worldwide, including Wi-Fi routers, webcams, digital video recorders, and streaming TV boxes.
The scale was staggering. According to data from Lumen's Black Lotus Labs, the JackSkid botnet alone averaged over 150,000 new victims per day in the first two weeks of March 2026, peaking at 250,000 on a single day. The Mossad botnet averaged over 100,000 daily victims during the same window. These botnets were responsible for some of the largest distributed denial-of-service (DDoS) attacks ever recorded, peaking at approximately 31.4 terabits per second.
What makes this especially relevant for home users is how these botnets spread. The Kimwolf variant did not just scan the open internet for exposed devices. It exploited residential proxy networks to reach devices that were behind home routers, targeting hardware that was never meant to be publicly accessible. In other words, even devices you thought were protected behind your home network were being compromised.
The DOJ operation involved law enforcement agencies from Canada and Germany, along with over 20 private-sector companies including Akamai, Amazon Web Services, Cloudflare, and Google. The botnet operators reportedly used a cybercrime-as-a-service model, selling access to infected devices to other criminals who then launched DDoS attacks, sometimes demanding cryptocurrency ransom payments from their targets.
AI-Powered Attacks Are Making Things Worse
On top of the already serious vulnerability landscape, a new generation of threats is emerging. AI-driven attacks targeting IoT devices have surged in 2026, with one security research outlet reporting a 54% increase in AI-powered IoT exploits this year. These are not your typical scripted attacks that follow a predictable pattern.
Modern AI-powered malware can adapt in real time. It scans a device, identifies the firmware version, tests multiple exploits, and deploys the one that works, all in under a minute. Once it compromises a device, it shares what it learned with the rest of the botnet, making every connected node smarter with each successful attack. Security researchers have observed AI botnets evolving their strategies over a thousand times in just a few weeks, optimizing for speed, stealth, and evasion.
PwC's 2026 Annual Threat Dynamics report echoes this concern, noting that the window between the public release of AI capabilities and their weaponization by attackers is shrinking rapidly. Security experts warn that fully autonomous attack agents capable of executing complete intrusion sequences without human involvement could become a reality in the near term.
For the average home user, the practical takeaway is that the old approach of setting up a router and forgetting about it is no longer safe. Automated threats do not distinguish between corporate data centers and home networks. If your router has a known vulnerability, these tools will find it.
The FCC Is Responding With a Router Import Ban
The federal government has taken notice. On the same day that Forescout published its report, the FCC updated its Covered List to include all consumer-grade routers produced in foreign countries. The practical effect is that no new foreign-made router model can receive FCC equipment authorization, which means it cannot legally be imported, marketed, or sold in the United States going forward.
The FCC's decision was driven by a national security determination from Executive Branch agencies, which concluded that foreign-produced consumer routers represent a severe cybersecurity risk to U.S. infrastructure. The ruling specifically cites the Volt Typhoon, Flax Typhoon, and Salt Typhoon campaigns, which were real state-sponsored intrusion operations that used compromised routers as launchpads to access American networks.
There are a few important things to understand about this ban. First, it only applies to new device models going forward. If you already own a router, you can keep using it. Retailers can also continue selling previously authorized models that are already in stock. Second, the ban is not limited to Chinese manufacturers. Any router produced in a foreign country is covered, regardless of where the company is headquartered. That includes U.S. brands that manufacture overseas.
Manufacturers can apply for a Conditional Approval exemption, but the process requires them to submit plans for moving manufacturing to the United States. Based on how the similar drone ban has played out since December 2025, approvals appear to be slow and selective.
What You Should Do Right Now to Secure Your Router
You do not need to wait for the government to protect your network. There are straightforward steps you can take today to reduce your risk significantly.
1. Update your router's firmware. Log into your router's admin panel and check for available firmware updates. This is the single most important thing you can do. Many of the 32 vulnerabilities per device that Forescout identified are patchable with a firmware update that the manufacturer has already released.
2. Change the default admin password. If your router's login is still set to "admin/admin" or "admin/password," change it immediately. Default credentials are the first thing attackers and automated scanning tools try.
3. Disable remote management. Unless you have a specific reason to access your router from outside your home network, turn off remote management in your router's settings. This closes one of the most common entry points for attackers.
4. Check your router's age. If your router is more than five years old, it may no longer receive security updates from the manufacturer. An unsupported router is an unpatched router, and an unpatched router is an open door. Consider upgrading to a current model that is actively maintained.
5. Use a strong Wi-Fi password with WPA3 or WPA2 encryption. Avoid using WEP or leaving your network open. A strong, unique password prevents unauthorized devices from joining your network in the first place.
6. Reboot your router periodically. A simple restart can disrupt some types of malware that reside only in temporary memory. It is not a complete solution, but it is an easy habit that helps.
7. Segment your network if possible. Many modern routers support guest networks. Put your IoT devices like smart TVs, cameras, and smart speakers on a separate guest network so that a compromised device cannot easily reach your computers or phones.
Why This Matters for Every Home Network
The convergence of these three stories paints a clear picture. Routers are the most vulnerable device on your network. Criminals are actively exploiting that weakness at massive scale. And AI is accelerating the speed at which new attacks are developed and deployed.
Your router is the gateway between the internet and everything in your home. Every device you own connects through it. When it is compromised, attackers can monitor your traffic, redirect you to malicious websites, steal credentials, or recruit your devices into a botnet without you ever knowing.
The good news is that basic security hygiene goes a long way. Keeping your firmware updated, using strong passwords, and replacing aging hardware are not complicated tasks, but they are the ones that most people skip. In 2026, skipping them carries real consequences.
Frequently Asked Questions
Is my router safe to use in 2026?
Your router is safe to use as long as it is running the latest firmware from the manufacturer and you have changed the default admin password. If your router is no longer receiving security updates because it has reached end-of-life status, you should consider replacing it with a newer model that is actively supported.
What does the FCC router ban mean for routers I already own?
The FCC's March 2026 Covered List update only affects new router models that have not yet received FCC authorization. If you already own a router, you can continue using it. Retailers can also keep selling previously authorized models. The ban does not require you to stop using or get rid of any router you currently have.
How do I know if my router has been compromised by a botnet?
Signs that your router may be part of a botnet include noticeably slower internet speeds, devices on your network behaving unusually, unexplained spikes in data usage, and your router becoming unresponsive or frequently needing to be restarted. You can also check your router's admin panel for unfamiliar connected devices or changed settings you did not make.
How often should I update my router firmware?
You should check for firmware updates at least once a month. Many newer routers offer automatic update options, which you should enable if available. Firmware updates patch known security vulnerabilities, and installing them promptly is the most effective way to protect your network from known threats.
What is a DDoS attack and can my router be used in one?
A DDoS attack, which stands for distributed denial-of-service, floods a target website or server with so much traffic that it becomes unavailable to real users. If your router is compromised by a botnet, it can be used as one of thousands or millions of devices sending that traffic without your knowledge. The March 2026 DOJ takedown involved botnets capable of generating over 31 terabits per second of attack traffic, which is enough to overwhelm almost any target on the internet.
Why are routers targeted more than other devices?
Routers are attractive targets because they are always on, they are rarely updated, they often ship with default credentials, and they sit at the boundary between the internet and your private network. A compromised router gives an attacker visibility into all of your network traffic and a foothold to reach every other device in your home or office. Unlike a laptop or phone, most people never interact with their router's settings after the initial setup.
What is AI-powered malware and should I be worried about it?
AI-powered malware uses artificial intelligence to scan for vulnerabilities, select the best attack method for a specific device, and adapt its behavior to avoid detection. Unlike older malware that follows a fixed script, AI-driven threats can change their approach in real time based on what defenses they encounter. For home users, this means that outdated routers and IoT devices are being found and exploited faster than ever. Keeping your devices updated and following basic network security practices is the best defense available right now.
