A global internet security research firm has made a startling discovery. According to their report over 3, 00,000 small office and home routers have been compromised by unknown attackers. In the report titled “Growing Exploitation of Small Office Routers Creating Serious Risks” Team Cymru (pronounced "kum-ree”) have found out that routers from various countries in Europe and Asia have been compromised by what they term as a SOHO pharming (SOHO stands for small office and home office routers). A majority of these compromised routers are from Vietnam, India, Italy and Thailand. All of affected devices had their DNS settings changed from their ISP’s default to two specific IP addresses hailing from South London (22.214.171.124 and 126.96.36.199). The attack was carried out in two ways as follows:
- In the first case, the attackers used a malicious code to target routers which had graphical user interfaces that were accessible from the Internet and then they carried out simple brute force log-on attempts to get access to the router’s configuration.
- Secondly, they targeted routers which were vulnerable to the “ROM-0” attack. The routers which ran ZyXEL’s ZynOS allowed attackers to download the configuration file from an unsecured URL. This configuration file (ROM-0) could then be used to change the DNS settings.
Heat map graphic of the hotspots for SOHO Pharming infections
While a similar type of attack in Poland last year was carried out to obtain online banking credentials, it is surprising to note that the people behind SOHO pharming have not yet carried out any malicious activities. Team Cymru reached out to the owners of the aforementioned IP addresses and law enforcement authorities but they haven’t obtained any reply from them.
Finally to make sure end users remain safe from this attack, Team Cymru have requested people to check the DNS settings on their routers and make sure that they match to ISP’s DNS. If they aren’t sure of their ISP’s details they can use Google DNS or OpenDNS.
Source: BBC Image Courtesy: Team Cymru
It's "CrazyEngineers Day"! It's Our 9th Anniversary!
Nine years ago, on this day; CrazyEngineers (CE) was born to unite engineers from all over the world. Today, with tens of thousands of engineers visiting CrazyEngineers on daily basis; CE's become one of the largest online portals for engineers and we believe it's just a start. [Read More]