
  Phishing scam targets routers that use default security settings


PostSubject: Phishing scam targets routers that use default security settings   Fri Mar 13, 2015 4:29 pm


Phishing scam targets routers that use default security settings

Californian information security firm Proofpoint uncovers attack on Brazilian internet users with generic router login details such as ‘admin’

Internet users are being warned to ensure that their routers have unique passwords, after email spammers have been spotted sending phishing links, which try to hijack the devices using default passwords, in order to harvest personal information from their victims.

The phishing emails attempt to trick the user into clicking a carefully crafted link, which will log the spammer into a home router if it’s set up with the default security settings and a known password. From there, the spammer can eavesdrop on communications by altering the router’s settings to pass all traffic through their own servers.

Californian information security firm Proofpoint discovered the attacks, which primarily targeted Brazilian internet users.

Security reporter Brian Krebs wrote: “The emails were made to look like they were sent by Brazil’s largest internet service provider, alerting recipients about an unpaid bill. In reality, the missives contained a link designed to hack that same ISP’s router equipment.”

But the attack isn’t likely to remain in Brazil, says Proofpoint: “The limited size and geographic scope of this initial sample do not mean it will remain so: the history of malware is the story of the spread of techniques from a local blip to [a] global threat as attackers continually adopt new techniques that demonstrate their effectiveness against existing defenses [sic].

“The fact that in this case the attackers chose email as their initial vector for attempting to compromise vulnerable routers – normally viewed as a network-based attack best defended by network IPS solutions – demonstrates both the continued evolution of attack techniques and the continued pre-eminence of email as the go-to attack vector for cybercriminals.”

Most routers sold today ship with a unique password, which protects against this type of attack. But older routers were frequently sold with standard sign-in credentials such as “admin” and “password”, and websites such as RouterPasswords make finding the information easy.

As a result, hacked routers have become a popular tool for online mischief: most notoriously, the hacking collective Lizard Squad used a network of routers captured through applying default sign-in credentials to launch a distributed denial of service attack against Sony and Microsoft which took down their gaming services over the Christmas period.

But even if the router is one that ships with a unique password, such as BT’s Homehub range, users should still be careful about what email links they click on. The phishing attack discovered in Brazil made use of a vulnerability in the ISP’s routers to enter the default credentials, but vulnerabilities for other brands may not require that much information.


"Life isn't about waiting for the storm to pass...it's about learning to dance in the rain."
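Added example, not part of the original post or the quoted article: a mail-filter check that flags URLs in an HTML email body which address a device on the recipient's own network or carry a login inside the URL. The article does not give the format of the crafted link, so the two signals used here (a private LAN address as host, credentials embedded in the URL) are assumptions, as are the function names and the constructed sample message.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Default sign-in words named in the article; extend for your own devices.
DEFAULT_WORDS = {"admin", "password"}
# Constructed sample body (not taken from the real campaign; path is a placeholder).
SAMPLE_EMAIL = (
    '<p>Unpaid bill: <a href="https://billing.example.com/pay">view</a></p>'
    '<iframe src="http://admin:admin@192.168.1.1/placeholder-settings-page"></iframe>'
)

class _UrlCollector(HTMLParser):
    """Collect every URL-bearing attribute, not only visible <a> links."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append((tag, value.strip()))

def _is_lan_host(host):
    """True when host is a literal private, loopback or link-local IP."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name or empty host; resolution is out of scope
    return ip.is_private or ip.is_loopback or ip.is_link_local

def flag_router_links(html_body):
    """Return [(tag, url, reasons)] for URLs that point at LAN devices."""
    collector = _UrlCollector()
    collector.feed(html_body)
    findings = []
    for tag, url in collector.urls:
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed URL, nothing to classify
        reasons = []
        if _is_lan_host(parts.hostname or ""):
            reasons.append("lan-address")
        if parts.username is not None:
            creds = {parts.username.lower(), (parts.password or "").lower()}
            reasons.append("default-login" if creds <= DEFAULT_WORDS
                           else "embedded-credentials")
        if reasons:
            findings.append((tag, url, reasons))
    return findings
```

Legitimate mail from outside the network has little reason to reference a private address, so a filter can quarantine on either reason; hosts given as DNS names are not resolved here and need a separate check.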