Hackers Launching DNS-Hijacking Attacks Against Routers
Hackers are launching DNS-hijacking attacks against D-Link and Linksys routers, changing the routers' DNS settings so that users are redirected to malicious sites advertising phony Coronavirus apps. Users who download the apps infect their devices with information-stealing malware. The attackers are obtaining the routers' admin passwords through brute-force attacks.
The best mitigation is to use a strong device password and disable remote management so the router cannot be accessed remotely. Consider setting up a separate DNS server on your network, pointing to your selected authoritative DNS servers. Configuring all endpoints to point to root DNS servers will likely exhaust the NAT tables in your routers. Lastly, most home routers can be configured to forward logs for analysis or alerting; that necessitates monitoring that the average home user is not prepared for. Also enable automatic firmware updates.
Many of these routers are in SOHO applications where they are installed but not "managed." As more of us work remotely, these devices become attractive targets. When installing them, it is important to change the default passwords. Since these devices do not implement strong authentication, this is an application where strong passwords are indicated.
William Hugh Murray
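The mitigations above come down to one condition a client can detect on its own: a hijacked router hands out a resolver the network owner never chose. The script below is an added example, not code from this page or from any of the cited reports. It parses the resolver configuration a client actually received and compares it against an allowlist, separating a stray LAN address (likely misconfiguration) from an external address (the signature of the hijack described above). The router address 192.168.1.1, the public resolvers in the allowlist, and the resolv.conf sample are all assumptions constructed for illustration.

```python
"""Flag DNS resolvers that a client did not expect to be using.

Added example, not code from the page or from any cited report. Assumes the
router hands out DNS via DHCP, so a hijacked router shows up as an unexpected
nameserver in the client's resolver configuration.
"""
import ipaddress

# Allowlist (assumption): the router's own LAN address plus the public
# resolvers the owner deliberately chose. Anything else is suspicious.
EXPECTED_RESOLVERS = {
    "192.168.1.1",  # hypothetical router LAN address
    "1.1.1.1",      # public resolvers chosen by the owner (assumption)
    "1.0.0.1",
}

# RFC 1918 and IPv6 ULA ranges: a resolver here is "on the LAN" even if it is
# not the one we expected (more likely a misconfiguration than a hijack).
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample: a hijacked router now hands out an external resolver
# first, with the router itself as fallback.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client (constructed sample)
search lan
nameserver 203.0.113.10
nameserver 192.168.1.1
"""


def parse_resolv_conf(text):
    """Return nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        # strip trailing comments (both '#' and ';' are accepted by resolvers)
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # ignore malformed entries
    return servers


def classify_resolver(addr, expected=EXPECTED_RESOLVERS):
    """Classify one resolver address.

    'expected'            in the allowlist
    'local-stub'          loopback (systemd-resolved, dnsmasq); its upstream
                          must be checked separately, e.g. with resolvectl
    'lan-unexpected'      private address that is not the router we expect
    'external-unexpected' public address we never configured: the pattern
                          of the router DNS hijack
    """
    if addr in expected:
        return "expected"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "local-stub"
    if any(ip in net for net in LAN_NETWORKS):
        return "lan-unexpected"
    return "external-unexpected"


def find_unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return [(addr, classification)] for resolvers outside the allowlist."""
    return [(a, classify_resolver(a, expected))
            for a in parse_resolv_conf(text) if a not in expected]


if __name__ == "__main__":
    # Use the live resolver config when present, otherwise the sample above.
    try:
        with open("/etc/resolv.conf") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_RESOLV_CONF
    findings = find_unexpected_resolvers(text)
    if not findings:
        print("all resolvers are in the allowlist")
    for addr, kind in findings:
        print(f"{addr}: {kind}")
```

Run it from a cron job or login script on each client; an `external-unexpected` finding is the one worth alerting on, since it means the router's DNS setting now points outside the network. Note that a loopback resolver only tells you a local stub is in use; on such hosts the stub's upstream servers are what need comparing against the allowlist.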
Read more in
Bitdefender: New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer
ZDNet: D-Link and Linksys routers hacked to point users to coronavirus-themed malware
Ars Technica: New attack on home routers sends users to spoofed sites that push malware
Threatpost: Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Bleeping Computer: Hackers Hijack Routers' DNS to Spread Malicious COVID-19 Apps
Cyberscoop: Hackers are messing with routers' DNS settings as telework surges around the world