Cybercriminals target home, office routers in new hijack attempt
eSentire alert released Friday says Dasan and D-Link routers most susceptible
Cambridge, Ont. cybersecurity company eSentire alerted internet users Friday of a coordinated attempt to remotely hijack small office and home internet routers.
Keegan Keplinger, a data visualization expert for eSentire, spotted the problem on July 19, while he was monitoring cyber attacks against the company's clients.
What he saw was over 3,000 different IP addresses firing the identical command at the identical time.
"One threat actor or one threat group looked to be behind all these IP addresses that were sending this exploit attempt," Keplinger told CBC News.
What that "threat actor" or phantom culprit was trying to accomplish is difficult to say, Keplinger says.
What he does know, however, is that the information being sent through cyberspace had one goal in mind: find an internet router and take control.
How attack worked
When the attack infects a router — the device that allows multiple computers in a home or office to use the same internet connection — it tells the router to connect with an external site and download malware.
At this point, Keplinger says the malware could be used to spy on internet activities passing through the router.
Keplinger says in this case, D-Link and Dasan brand routers were the targets.
What's more likely than snooping, he believes, is that the culprit who launched the coordinated attack will create a large botnet — a number of internet-connected devices running one or more robots — and use it to launch distributed denial-of-service (DDoS) attacks.
DDoSing, according to Keplinger, is when a culprit takes over someone's internet connection or network and refuses to restore the service unless the user pays a ransom.
How to protect yourself
How would you know if your router was being used for either of these nefarious purposes? Keplinger said you probably wouldn't.
"Once the router is recruited, it may just sit quietly and do nothing. It may quietly snoop," he said. "It may just sit there and wait until the botnet gets commanded to do a DDoS attack."
But that doesn't mean consumers are helpless, left to wonder whether they have a phantom-possessed router living in their office space.
Keplinger has these three suggestions for protecting your home or office router:
- Change the default password that came with your router.
- Disable remote access, so that your router cannot be accessed from outside your network.
- Get a firmware "patch" for your router, to update its operating program.