
Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says

  • 01-06-2015 2:02pm
    #1
    Closed Accounts Posts: 720 ✭✭✭


    Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.

    Researchers at Trend Micro have discovered a malicious browser script being used to change DNS settings on home routers in some parts of the world in a bid to steal login credentials and other sensitive data from users of the devices.
    The campaign is another sign that DNS hijacking is becoming an increasingly popular attack method for criminal hackers.
    Earlier this week, security researchers at ESET reported a new malware threat dubbed Linux/Moose targeted at Linux routers that they said could be used for DNS hijacking purposes. In April, attackers hijacked domain name servers at the St. Louis Federal Reserve and redirected traffic meant for its domain to a malicious web page set up by the attackers.
    In the latest instance, discovered by Trend Micro, nearly 88 percent of the victims of the latest campaign are based in Brazil, but infections have also been observed in the U.S. and Japan, according to Trend Micro.
    To compromise routers the threat actors behind the campaign first lure victims to websites containing the malicious script. When someone lands on such sites, the browser script performs a brute-force attack on the underlying home router to try and gain access to its administrative interface.
    If it gains access, the script sends a single HTTP request to the router with a malicious DNS server IP address, Trend Micro senior threat researcher Fernando Merces said in a blog post Thursday. “Once the malicious version replaces the current IP address, the infection is done,” he wrote.

    Full article : http://www.darkreading.com/attacks-breaches/home-routers-being-targeted-in-dns-hijacking-attack-trend-micro-says/d/d-id/1320634?


Comments

  • Closed Accounts Posts: 720 ✭✭✭anvilfour


    The comments section of the same article has some excellent ideas for a defence against this DNS Hijacking attack:

    - Use a different DNS to your ISP's such as OpenDNS.
    - Change your router default password(!)
    - Check for firmware updates for your router (I personally use dd-wrt!)
    - Use WPA2 Encryption for your Wifi (Don't see how this would protect against this but good advice all the same).
    - You can use an Android app named F-Secure Router Checker to see how safe you are too.


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    I took part in that research.
    Some vendors are moving to embed Trend Micro feature sets and technology in home routers. Nothing new I know, as it's being done elsewhere, IMO every little helps. Our sensor node is one global detection suite that comes from every Trend-enabled product on earth. (Opt out of course on all products.) Makes for a very impressive system to see what the guys in Japan are doing.

    They have one of the most impressive cloud offerings, nothing else out there is at the Deep Security stage, others are developing similarly impressive systems. I just enjoy being a part of it.

