Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Increased Attacks on Home Routers
March 30, 2020
Our world is very different these days. More and more people are now working from home. The bad guys know that too. Dark Reading reported security firm Bitdefender warns that a cybercriminal group is scanning the internet for vulnerable Linksys routers. Primarily, they are looking for weak or default logon credentials in order to change the router configuration to facilitate malware downloads. They then hijack DNS to route traffic to malicious websites. The attackers target valid domain names and websites. Some of the identified targets are:
- aws.amazon.com
- goo.gl
- bit.ly
- washington.edu
- imageshack.us
- ufl.edu
- disney.com
- cox.net
- xhamster.com
- pubads.g.doubleclick.net
- tidd.ly
- redditblog.com
- iddler2.com
- winimage.com
When a user tries to access one of the domains, traffic is sent to a malicious website "…claiming to be distributing a COVID information application from the World Health Organization." Malware starts downloading if you click through to the landing page. As a minimum, if you have a Linksys router at home, make sure you are running the latest firmware and change the default logon credentials to have a strong password.
Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com