Attackers targeting home routers with spoofing attack

Posted on Thursday, March 26 2020 @ 11:18 CET by Thomas De Maesschalck
Ars Technica warns there's a new attack against home routers. Security researchers from Bitdefender say attackers are targeting Linksys routers, but a report from Bleeping Computer claims D-Link models are also affected.

The attacks seem to be based on brute-forcing remote management credentials. Once they have access, the attackers can perform a spoofing attack that redirects web traffic to malicious websites that aim to install malware or phish passwords:
The malicious DNS servers send targets to the domain they requested. Behind the scenes, however, the sites are spoofed, meaning they’re served from malicious IP addresses, rather than the legitimate IP address used by the domain owner. Liviu Arsene, the Bitdefender researcher who wrote Wednesday's post, told me that spoofed sites close port 443, the Internet gate that transmits traffic protected by HTTPS authentication protections. The closure causes sites to connect over HTTP and in so doing, prevents the display of warnings from browsers or email clients that a TLS certificate is invalid or untrusted.
Users are advised to use passwords that are secure enough (and definitely not to leave the router on its default credentials).
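A defender-side check for the pattern described in the quoted passage, as an added example that is not from the original post or from Bitdefender: it asks the router-assigned resolver and an independent resolver for the same name, then flags answers that share no address and accept no connection on port 443. The function names are hypothetical and the resolver addresses are supplied by the caller; raw DNS packets are used because the system resolver cannot be pointed at a specific server.

```python
# Added example: function names are hypothetical; resolver addresses come from the caller.
import socket, struct

def build_query(name, txid=0x1234):  # DNS A-record query with recursion desired
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):  # IPv4 addresses found in the answer section
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ips = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record; CNAMEs etc. are skipped
            ips.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return ips

def resolve(name, resolver, timeout=3.0):  # ask one specific resolver over UDP/53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_a_records(s.recv(4096))

def port_443_open(ip, timeout=3.0):
    try:
        with socket.create_connection((ip, 443), timeout=timeout):
            return True
    except OSError:
        return False

def assess(local, reference, https_open):  # heuristic: disjoint answers can be CDN variation
    if not local:
        return "no-answer"
    if local & reference:
        return "ok"
    return "differs" if any(https_open.get(ip) for ip in local) else "suspicious"

def check(name, local_resolver, reference_resolver):
    local = resolve(name, local_resolver)
    return assess(local, resolve(name, reference_resolver), {ip: port_443_open(ip) for ip in local})
```

For instance, `check("example.com", "192.168.1.1", "1.1.1.1")` compares a router at an assumed LAN address with a public resolver; a result of `"suspicious"` means the local answers match nothing the reference returned and none of them accept HTTPS.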
