Over 3 Lakh Routers Around The World Have Been Compromised: A Team Cymru Finding
A global internet security research firm has made a startling discovery. According to its findings, over 3,00,000 small office and home routers have been compromised by unknown attackers. In the report titled "Growing Exploitation of Small Office Routers Creating Serious Risks", Team Cymru (pronounced "kum-ree") found that routers in various countries in Europe and Asia have been compromised in what they term SOHO pharming (SOHO stands for small office and home office). A majority of these compromised routers are in Vietnam, India, Italy and Thailand. All of the affected devices had their DNS settings changed from their ISP's default to two specific IP addresses hailing from South London (5.45.75.11 and 5.45.75.36). The attack was carried out in two ways, as follows:
- In the first case, the attackers used malicious code to target routers whose graphical user interfaces were accessible from the Internet, and then carried out simple brute-force log-on attempts to get access to the router's configuration.
- Secondly, they targeted routers that were vulnerable to the "ROM-0" attack. Routers running ZyXEL's ZyNOS allowed attackers to download the configuration file from an unsecured URL. This configuration file (ROM-0) could then be used to change the DNS settings.
Heat map graphic of the hotspots for SOHO Pharming infections
While a similar type of attack in Poland last year was carried out to obtain online banking credentials, it is surprising to note that the people behind SOHO pharming have not yet carried out any malicious activities. Team Cymru reached out to the owners of the aforementioned IP addresses and to law enforcement authorities, but they haven't obtained any reply from them.
Finally, to make sure end users remain safe from this attack, Team Cymru have requested people to check the DNS settings on their routers and make sure that they match their ISP's DNS. If they aren't sure of their ISP's details, they can use Google DNS or OpenDNS.
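A client-side version of that check, as an added example that is not from Team Cymru or the original article: it reads resolv.conf-style text and flags the two addresses reported above. The function names, the `isp_dns` parameter and the sample input are assumptions; a resolver labelled `router` means the DNS setting on the router's own admin page still has to be inspected.

```python
import ipaddress

# Resolver addresses the article reports on the compromised routers.
ROGUE = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.75.36")}
# Fallback resolvers the article suggests: Google DNS and OpenDNS.
PUBLIC = {ipaddress.ip_address(a) for a in
          ("8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220")}
# RFC 1918 ranges: a resolver here is normally the router relaying DNS.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Strip any IPv6 zone id ("%eth0") before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue                             # malformed entry, skip it
    return servers

def audit(text, isp_dns=()):
    """Label each resolver as rogue, trusted, router or unknown."""
    trusted = PUBLIC | {ipaddress.ip_address(a) for a in isp_dns}
    report = []
    for ip in parse_nameservers(text):
        if ip in ROGUE:
            verdict = "rogue"
        elif ip in trusted:
            verdict = "trusted"
        elif any(ip in net for net in LAN):
            verdict = "router"   # check the router's own WAN DNS setting
        else:
            verdict = "unknown"  # compare against the ISP's published DNS
        report.append((str(ip), verdict))
    return report

SAMPLE = """# constructed sample input, not taken from the report
nameserver 5.45.75.11
nameserver 192.168.1.1   # router
nameserver 203.0.113.53
nameserver 8.8.8.8
nameserver not-an-ip
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```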
Source: Hackers take control of 300,000 home routers - BBC News