Stories
Slash Boxes
Comments

SoylentNews is people

New Attack on Home Routers Sends Users to Spoofed Sites that Push Malware

posted by martyb on Thursday March 26 2020, @11:51PM   Printer-friendly
from the don't-ask-a-bad-guy-for-directions dept.

Fnord666 writes:

From ArsTechnica:

A recently discovered hack of home and small-office routers is redirecting users to malicious sites that pose as COVID-19 informational resources in an attempt to install malware that steals passwords and cryptocurrency credentials, researchers said on Wednesday.

A post published by security firm Bitdefender said the compromises are hitting Linksys routers, although BleepingComputer, which reported the attack two days ago, said the campaign also targets D-Link devices.

It remains unclear how attackers are compromising the routers. The researchers, citing data collected from Bitdefender security products, suspect that the hackers are guessing passwords used to secure routers' remote management console when that feature is turned on. Bitdefender also hypothesized that compromises may be carried out by guessing credentials for users' Linksys cloud accounts.

The router compromises allow attackers to designate the DNS servers [that] connected devices use. DNS servers use the Internet domain name system to translate domain names into IP addresses so that computers can find the location of sites or servers users are trying to access. By sending devices to DNS servers that provide fraudulent lookups, attackers can redirect people to malicious sites that serve malware or attempt to phish passwords.

[...] To prevent attacks on routers, the devices should have remote administration turned off whenever possible. In the event this feature is absolutely necessary, it should be used only by experienced users and protected by a strong password. Cloud accounts—which also make it possible to remotely administer routers—should follow the same guidelines. Moreover, people should frequently ensure that router firmware is up-to-date.

Original Submission

 
This discussion has been archived. No new comments can be posted.
New Attack on Home Routers Sends Users to Spoofed Sites that Push Malware | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by DannyB on Friday March 27 2020, @06:17PM (1 child)

    by DannyB (5839) Subscriber Badge on Friday March 27 2020, @06:17PM (#976396) Journal

    It remains unclear how attackers are compromising the routers.

    That is not reassuring.

    suspect that the hackers are guessing passwords used to secure routers' remote management console when that feature is turned on.

    People should know not to turn the remote madness console on. And if it must be on, the only limit it to the infernal network only.

    As for passwords. Choose good ones. Like 12346. Nobody will expect the 6. There are easily googleable ways to automagically reject connections from IP addresses that have too many login failures.

    If there were some other more sophisticated way that hackers compressed these routers, then THAT would be a big story.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug into other computer. Right-click paste.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by hendrikboom on Saturday April 04 2020, @01:21PM

    by hendrikboom (1125) Subscriber Badge on Saturday April 04 2020, @01:21PM (#979020) Homepage Journal

    Even the people who read that comment won't expect the 7 in 12347.