
Phishing Emails & Exploits Used by Attackers to Hijack Routers

March 2nd, 2015 | By Waqas | Malware, Security

Proofpoint researchers released a report on Tuesday revealing that cybercriminals are hijacking Brazilian internet connections by altering their DNS (Domain Name System) settings. Attacks of this kind are called pharming attacks.

Pharming Attacks:

Pharming attacks are designed to lure victims to fake websites. These fake websites are usually replicas of bank sites and are used to steal credentials and similar sensitive data.

Usually, pharming attacks are highly efficient, and in the majority of cases they cannot be spotted. By changing a router's DNS settings, attackers ensure that victims are redirected to a fake website as soon as they type the domain name of the legitimate website into the address bar of their web browser.


Proofpoint Study:

It was previously assumed that DNS could be hijacked only through network-oriented attacks, but recent attacks show that phishing emails can be just as effective.

Proofpoint researchers started monitoring this operation from December 2014 onwards. According to their observations, the attacks began with a spam email sent from one of the leading telecom companies of Brazil.


The security company observed a small spam run over a four-week period in which no more than 100 emails were sent out specifically to Brazilian organizations and users.

These emails contained links pointing to a webpage hosting malicious iframes, which were designed to abuse cross-site request forgery (CSRF) vulnerabilities that are usually present in UTStarcom and TP-Link home routers.

Malicious code brute-forced the device manager’s login page by trying common IP addresses and default passwords.

After compromising the administration page, the code replaced the IP address of the router’s primary DNS server with a malicious DNS IP.

Kaspersky researchers recorded such attacks against users in Brazil in September 2014 too. However, it is evident that the cybercriminals have since stepped up their methods.

Previously, the attackers modified both the primary and secondary DNS records. In the recent attacks, they changed only the primary DNS server to their malicious server and set the secondary DNS to Google’s public DNS, 8.8.8.8.

This allowed DNS requests from compromised devices to keep resolving when the malicious server wasn’t available, which makes the tampering very difficult for victims to suspect.
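The primary/secondary pattern described above can be audited for across an inventory of router DNS settings. The following is an added example, not code from Proofpoint or from this article; the expected-resolver list, the documentation-range addresses and the sample inventory are constructed assumptions.

```python
import ipaddress

# Assumption: resolvers this network is expected to use. 192.0.2.53 stands in
# for the ISP resolver (documentation address range, not a real server).
EXPECTED = {ipaddress.ip_address(a) for a in ("192.0.2.53", "8.8.8.8", "8.8.4.4")}
GOOGLE_PUBLIC = {ipaddress.ip_address(a) for a in ("8.8.8.8", "8.8.4.4")}

# Constructed sample inventory: (device, primary DNS, secondary DNS), as read
# from each router's settings page or a configuration export.
SAMPLE_ROUTERS = [
    ("router-a", "192.0.2.53", "8.8.8.8"),
    ("router-b", "203.0.113.66", "8.8.8.8"),
    ("router-c", "203.0.113.66", "198.51.100.7"),
    ("router-d", "192.0.2.53", "not-an-ip"),
    ("router-e", "192.0.2.53", "203.0.113.9"),
]

def parse(addr):
    """Return an ip_address object, or None if the field is not a valid IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None

def classify(primary, secondary):
    """Label one router's DNS pair against the expected-resolver list."""
    p, s = parse(primary), parse(secondary)
    if p is None or s is None:
        return "unparseable"
    p_ok, s_ok = p in EXPECTED, s in EXPECTED
    if p_ok and s_ok:
        return "ok"
    if not p_ok and s in GOOGLE_PUBLIC:
        # Newer pattern: only the primary is replaced; a public fallback keeps
        # name resolution working, so nothing looks broken to the user.
        return "unexpected-primary-public-fallback"
    if not p_ok and not s_ok:
        return "both-unexpected"  # older pattern: both records replaced
    return "unexpected-secondary"

def audit(routers):
    """Return {device: finding} for every router that is not 'ok'."""
    findings = {}
    for name, primary, secondary in routers:
        verdict = classify(primary, secondary)
        if verdict != "ok":
            findings[name] = verdict
    return findings

if __name__ == "__main__":
    for device, finding in audit(SAMPLE_ROUTERS).items():
        print(f"{device}: {finding}")
```

A router flagged with an unexpected primary deserves attention even when browsing works normally, since the public secondary hides outages of the rogue server.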

Pharming attacks are efficient because the attacker does not need to take over a public DNS server. If victims try to access any of the hacked websites, the request is processed by the rogue DNS server and the victims are immediately taken to the compromised page.


This aspect was explained in detail by Proofpoint researchers in a blog post:

“[Man-in-the-middle attacks] could be used to intercept and tamper with email communications, web sites, logins and passwords and other confidential or sensitive information, software downloads, hijack search results, redirect to a TDS and malware, and other malicious actions.”

Home routers are easy targets for attackers because many such devices are vulnerable to threats such as the recently discovered Misfortune Cookie bug, which exposed millions of SOHO routers.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
