SoylentNews is people

posted by martyb on Thursday March 26 2020, @11:51PM
from the don't-ask-a-bad-guy-for-directions dept.

From ArsTechnica:

A recently discovered hack of home and small-office routers is redirecting users to malicious sites that pose as COVID-19 informational resources in an attempt to install malware that steals passwords and cryptocurrency credentials, researchers said on Wednesday.

A post published by security firm Bitdefender said the compromises are hitting Linksys routers, although BleepingComputer, which reported the attack two days ago, said the campaign also targets D-Link devices.

It remains unclear how attackers are compromising the routers. The researchers, citing data collected from Bitdefender security products, suspect that the hackers are guessing passwords used to secure routers' remote management console when that feature is turned on. Bitdefender also hypothesized that compromises may be carried out by guessing credentials for users' Linksys cloud accounts.

The router compromises allow attackers to designate the DNS servers [that] connected devices use. DNS servers use the Internet domain name system to translate domain names into IP addresses so that computers can find the location of sites or servers users are trying to access. By sending devices to DNS servers that provide fraudulent lookups, attackers can redirect people to malicious sites that serve malware or attempt to phish passwords.

[...] To prevent attacks on routers, the devices should have remote administration turned off whenever possible. In the event this feature is absolutely necessary, it should be used only by experienced users and protected by a strong password. Cloud accounts—which also make it possible to remotely administer routers—should follow the same guidelines. Moreover, people should frequently ensure that router firmware is up-to-date.
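On a client, the DNS change described above shows up as a resolver address nobody configured. The following Python check is an added example, not code from the article or from Bitdefender: it audits resolv.conf-style text against a list of resolvers you expect. The function names, verdict labels, expected list and sample addresses are all assumptions made for illustration.

```python
import ipaddress

# Ranges that can only be a resolver on the LAN or on the host itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue  # skip entries that are not valid IP addresses
    return servers

def audit_resolvers(resolv_conf_text, expected):
    """Return (address, verdict) for every resolver not on the expected list."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    servers = parse_nameservers(resolv_conf_text)
    if not servers:
        return [("-", "no-nameserver-entries")]
    findings = []
    for ip in servers:
        if ip in allowed:
            continue
        if any(ip in net for net in LOCAL_NETS):
            # A LAN or loopback forwarder hides the real upstream: confirm the
            # DNS servers set in the router's admin page as well.
            findings.append((str(ip), "unexpected-local"))
        else:
            # The case from the article: clients are handed an outside DNS
            # server that the owner never configured.
            findings.append((str(ip), "unexpected-public"))
    return findings

# Constructed sample; 203.0.113.53 is a documentation address, not a real indicator.
SAMPLE = """# Generated by DHCP client
nameserver 203.0.113.53
nameserver 192.168.1.1
"""

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE, expected=["192.168.1.1"]):
        print(f"{addr}: {verdict}")
```

A clean result on a client that points at the router only shows the client is untouched; the router's own upstream DNS setting still has to be checked in its admin interface.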



  • (Score: 1, Informative) by Anonymous Coward on Friday March 27 2020, @12:01AM

    by Anonymous Coward on Friday March 27 2020, @12:01AM (#976140)

    I have a Linksys router and it sent me to https://www.microsoft.com/software-download/windows10 [microsoft.com]

  • (Score: 2) by arslan on Friday March 27 2020, @01:47AM

    by arslan (3462) on Friday March 27 2020, @01:47AM (#976168)

    Been getting lots of phishing email about covid pretending it is from various federal/state agencies, emails from supermarkets about stock levels, etc. all with phishing links. The fear level currently is ripe for phishing.

    Worse part is there are valid ones in there, our dumb gov. agencies are actually sending emails with links as well.

  • (Score: 2) by The Mighty Buzzard on Friday March 27 2020, @03:18AM

    I never would have noticed myself on account of running a recursive nameserver for the LAN and manually specifying it in each device's config, but it's good to be aware anyhow.

    --
    My rights don't end where your fear begins.
  • (Score: 2) by DannyB on Friday March 27 2020, @06:17PM (1 child)

    by DannyB (5839) Subscriber Badge on Friday March 27 2020, @06:17PM (#976396) Journal

    It remains unclear how attackers are compromising the routers.

    That is not reassuring.

    suspect that the hackers are guessing passwords used to secure routers' remote management console when that feature is turned on.

    People should know not to turn the remote madness console on. And if it must be on, then only limit it to the infernal network only.

    As for passwords. Choose good ones. Like 12346. Nobody will expect the 6. There are easily googleable ways to automagically reject connections from IP addresses that have too many login failures.

    If there were some other more sophisticated way that hackers compressed these routers, then THAT would be a big story.

    --
    The lower I set my standards the more accomplishments I have.