Friday 27 February 2015

Phishing Mail Hijacks Routers Using Default Password


During the final weeks of last year and the first half of January, cybercriminals conducted a small-scale email attack that tried to hijack various router models. The emails, fewer than 100 in total, were sent to Brazilian Internet users.

The email appeared to come from the largest Brazilian telecommunications company and contained a link to a website. This website abused cross-site request forgery (CSRF) vulnerabilities in the UTStarcom and TP-Link routers supplied by the telco. The CSRF attack tried to log in to the router using various default passwords and administrator names. If the attack succeeded, the router's DNS servers were changed.
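As a detection-side illustration of the pattern described above (added here, not taken from the Proofpoint report), the following Python sketch scans web-proxy log lines for requests to private router addresses whose Referer is a public site, and reports clients with repeated attempts. The log format, host names, paths and the `min_attempts` threshold are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log: timestamp, client IP, requested URL, Referer ("-" if none).
SAMPLE_LOG = """\
2015-01-10T09:14:01 10.0.0.23 http://192.168.1.1/placeholder-path http://mail-lure.example/promo
2015-01-10T09:14:01 10.0.0.23 http://192.168.1.1/placeholder-path http://mail-lure.example/promo
2015-01-10T09:14:02 10.0.0.23 http://192.168.0.1/placeholder-path http://mail-lure.example/promo
2015-01-10T09:20:44 10.0.0.31 http://192.168.1.1/index.html http://192.168.1.1/
2015-01-10T09:21:10 10.0.0.31 http://news.example/story http://search.example/q
2015-01-10T09:25:00 10.0.0.40 http://192.168.1.1/status -
"""

def is_private_host(host):
    """True when host is a literal private, loopback or link-local IP address."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name or empty string, not an IP literal
    return addr.is_private or addr.is_link_local

def find_router_csrf(log_text, min_attempts=2):
    """Map (client, referring site) -> private targets requested cross-origin."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, url, referer = parts
        target = urlsplit(url).hostname or ""
        source = urlsplit(referer).hostname or ""
        # Flag only public-site -> private-address requests; a router UI
        # referring to itself, or a request with no Referer, is skipped.
        if not is_private_host(target) or not source or is_private_host(source):
            continue
        hits[(client, source)].append(target)
    # Repeated attempts from one page match the credential-guessing behaviour.
    return {key: targets for key, targets in hits.items() if len(targets) >= min_attempts}

if __name__ == "__main__":
    for (client, site), targets in find_router_csrf(SAMPLE_LOG).items():
        print(f"{client}: {len(targets)} requests to {sorted(set(targets))} referred by {site}")
```

Requests with a stripped Referer are not caught by this check, so it complements, rather than replaces, changing the router's default password and monitoring its configured DNS servers.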


The Domain Name System (DNS) is similar to a directory and, among other things, translates domain names into IP addresses. By hijacking DNS, an attacker can manipulate users' traffic and intercept sensitive data, for example by redirecting users to another page when they want to visit their banking site. Security firm Proofpoint, which discovered the campaign against Brazilian users, does not know what was done with the modified DNS servers.
