View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 27, 2015

Phishers strike routers as hackers get smarter

Cybercriminals seek data, must be well connected.

By Jimmy Nicholls

Hackers are using phishing attacks to target internet routers and steal data, according to the security vendor Proofpoint.

Malicious emails purporting to be from Brazilian telecoms companies use dodgy URLs to in combination with known vulnerabilities on affected routers to hijack a person’s network, exploiting the fact that many people do not change passwords on their routers after they are set up.

Writing on its website, Proofpoint said: "This case is striking for several reasons, not the least of which is the introduction of phishing as the attack vector to carry out a compromise traditionally considered purely network-based.

"Like the farming practice of using fish remains as fertilizer, modern attackers are using phishing emails to improve the yields of their pharming campaigns [in other words, the mass theft of data]."

Victims who click the URLs are redirected to webpages that use cross-site request forgery to target the routers, brute forcing the admin login page by sending it HTTP requests until the correct credentials have been entered.

The hackers have also set up a backup service for their own domain name service (DNS) used in the attack, which comes into use if the primary malicious DNS is disrupted to avoid raising a victim’s suspicions.

"If the phishing email recipient clicks the link and the vulnerability is successfully exploited, any computer behind the hacked router (that is, anyone connecting wired or wirelessly to that router) would potentially have their computer query a malicious DNS server to lookup any hostname on the Internet," Proofpoint explained.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Once the attack has been carried out the hacker is able to eavesdrop on internet conversations, facilitating their access to confidential data, including "email communications, web sites, logins and passwords".

Despite the campaign currently targeting Brazilians, Proofpoint warned that the campaign is likely to spread beyond the South American country.

"The history of malware is the story of the spread of techniques from a local blip to global threat as attackers continually adopt new techniques that demonstrate their effectiveness against existing defences," it said.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.