Security researcher Troy Mursch revealed that hackers have been breaking into home routers to change DNS server settings and hijack traffic to redirect it to malicious sites.
Researchers have detected different types of attacks against consumer routers. All of the attacks are reportedly traceable to hosts on the Google Cloud Platform (AS15169) network. Mursch described three different attacks that began in December 2018. In the latest, discovered on March 26, “attacks come from three different Google Cloud Platform hosts and target other types of consumer routers that have not been seen before.” Mursch believes that it is impossible to determine the scope and scale of these attacks unless researchers use the tactics used by malicious actors.
“We have suspended the fraudulent accounts in question and are working through established protocols to identify any new ones that emerge. We have processes in place to detect and remove accounts that violate our terms of service and acceptable use policy, and we take action on accounts when we detect abuse, including suspending the accounts in question. These incidents highlight the importance of practicing good security hygiene, including patching router firmware once a fix becomes available,” a Google Cloud spokesperson wrote.
“Home router vulnerabilities are a great nuisance for organizations, and in light of the latest news about hackers leveraging D-Link routers to hijack DNS traffic, organizations should put their guard up,” said Justin Jett, director of audit and compliance at Plixer.
“While home routers don’t directly connect with the corporate network, they are used by individuals at home and in many cases connect business assets like mobile phones and computers to the Internet when employees are not on the campus,” Jett said.
As more and more people work remotely, malicious actors can bypass corporate defenses through employees’ home networks, which are less secure. People may download malicious software onto their PCs without noticing.
People can use a VPN to secure their connections to the Internet. Network and security experts can use network traffic analysis to learn normal user behavior. They can then detect and fix the problem instantly.
Published by Emerson L. Sullivan & last updated on April 12, 2019 9:15 am