Californian information security firm Proofpoint uncovers attack on Brazilian internet users with generic router login details such as 'admin'
Internet users are being warned to ensure that their routers have unique passwords, after email spammers have been spotted sending phishing links, which try to hijack the devices using default passwords, in order to harvest personal information from their victims
The phishing emails attempt to trick the user into clicking a carefully crafted link, which will log the spammer into a home router if it's set up with the default security settings and a known password. From there, the spammer can eavesdrop on communications by altering the router's settings to pass all traffic through their own servers
Californian information security firm Proofpoint discovered the attacks, which primarily targeted Brazilian internet users
Security reporter Brian Krebs wrote: "The emails were made to look like they were sent by Brazil's largest internet service provider, alerting recipients about an unpaid bill. In reality, the missives contained a link designed to hack that same ISP's router equipment"
But the attack isn't likely to remain in Brazil, says Proofpoint: "That limited size and geographic scope of this initial sample do not mean it will remain so: the history of malware is the story of the spread of techniques from a local blip to [a] global threat as attackers continually adopt new techniques that demonstrate their effectiveness against existing defenses [sic]
"The fact that in this case the attackers chose email as their initial vector for attempting to compromising vulnerable routers - normally viewed as a network-based attack best defended by network IPS solutions - demonstrates both the continued evolution of attack techniques and the continued pre-eminence of email as the go-to attack vector for cybercriminals"
Most routers sold today ship with a unique password, which protects against this type of attack. But older routers were frequently sold with standard sign-in credentials such as "admin" and "password", and websites such as RouterPasswords make finding the information easy
As a result, hacked routers have become a popular tool for online mischief: most notoriously, the hacking collective Lizard Squad used a network of routers captured through applying default sign-in credentials to launch a distributed denial of service attack against Sony and Microsoft which took down their gaming services over the Christmas period
But even if the router is one that ships with a unique password, such as BT's Homehub range, users should still be careful about what email links they click on. The phishing attack discovered in Brazil made use of a vulnerability in the ISP's routers to enter the default credentials, but vulnerabilities for other brands may not require that much information
vulnerabilities for other brands may not require that much information
made use of a vulnerability
discovered in Brazil made use of a vulnerability in the ISP's routers to enter the default credentials
still be careful about what email links they click on
such as BT's Homehub range
is one that ships with a unique password
took down their gaming services over the Christmas period
to launch a distributed denial of service attack against Sony
captured through applying default sign-in credentials
most notoriously, the hacking collective Lizard Squad used a network of routers captured through applying default sign-in credentials
have become a popular tool for online mischief
make finding the information easy
were frequently sold with standard sign-in credentials such as "admin" and "password"
protects against this type of attack
sold today ship with a unique password
the continued pre-eminence of email
as the go-to attack vector for cybercriminals
the continued pre-eminence of email as the go-to attack vector for cybercriminals
demonstrates both the continued evolution of attack techniques
based attack best defended by network IPS solutions
normally viewed as a network
for attempting to compromising vulnerable routers
chose email as their initial vector for attempting to compromising vulnerable routers
their effectiveness against existing defenses
adopt new techniques that demonstrate their effectiveness against existing defenses
as attackers continually adopt new techniques that demonstrate their effectiveness against existing defenses
from a local blip to [a] global threat
is the story of the spread of techniques from a local blip to [a] global threat
that limited size and geographic scope of this initial sample do not mean it will remain so
the attack isn't likely to remain in Brazil
in reality, the missives contained a link designed to hack that same ISP's router equipment
an unpaid bill
alerting recipients about an unpaid bill
were made to look like they were sent by Brazil's largest internet service provider
by altering the router's settings to pass all traffic through their own servers
can eavesdrop on communications by altering the router's settings to pass all traffic through their own servers
will log the spammer into a home router
set up with the default security settings
will log the spammer into a home router if it's set up with the default security settings and a known password
clicking a carefully crafted link
attempt to trick the user into clicking a carefully crafted link
in order to harvest personal information from their victims
try to hijack the devices using default passwords
after email spammers have been spotted sending phishing links
to ensure that their routers have unique
are being warned to ensure that their routers have unique passwords
uncovers attack on Brazilian internet users with generic router login details such as 'admin'
use default security settings