Focus cyber criminals in attacking vulnerabilities especially on browsers and browser plug-ins, however, are also an interesting target routers. A well-known researcher has discovered a exploit kit namely that leaks into the routers include Belkin, TP-Link D-Link attacks.
These are vulnerabilities that are disclosed in 2008, 2013 and 2015 and patched. Because routers are not automatically updated and many consumers do not own install available updates, it can indeed prevent further routers in circulation with vulnerabilities of seven years ago. In addition, the exploit kit also performs brute force attacks on all other models, including those from Microsoft and Linksys. In case the attacks are successful adjusts the DNS of the router. This allows attackers to traffic from the attacked router by running their own servers, or users of the attacked router forwarding to phishing sites.
Security Researcher 'JuK' of the blog Malware Do not Need Coffee discovered the exploitkit. That appears to work only from certain IP ranges. Once a router has changed the IP addresses of the DNS servers are changed and then reboot the router.As a secondary DNS server defaults DNS server of Google. This should prevent the investigator users suspect something when there are problems with the IP address of the first DNS server arise.
No comments:
Post a Comment