Many of us neglect to change the default settings on our home routers, assuming that the tiny little box sitting in our house is safe. But that could be a huge mistake, according to a new report from security firm Proofpoint. The company says it has detected a four-week phishing campaign designed to quietly alter the settings on victims’ routers to steal online banking credentials and other sensitive personal data.
In the attack, which primarily targeted Brazilian Internet users, targets were sent an email referencing a fictitious unpaid bill from their ISP. A link inside that email directed unsuspecting victims to a malicious website that exploits known vulnerabilities in UTStarcom and TP-Link routers. A script is then run to change the router’s domain name system (DNS) settings, allowing the crooks to redirect online banking sessions to spoofed websites designed to steal login information.
The scariest part about this attack is that it operates under the radar – your anti-virus software won’t be able to detect it. “There is virtually no trace of this thing except for an email,” said Proofpoint Vice President of Advanced Security and Governance Kevin Epstein. “And even if your average user knows to look at his router’s DNS settings, he’s unlikely to notice anything wrong or even know what his normal DNS settings should be.”
Though this particular attack focused on Brazil, its mechanism could easily be repurposed to target those of us in the United States. Therefore, it’s important to change the default administrative credentials on your home router (i.e., its password) now before it’s too late. Many routers have information about how to do this printed on a label on their underside. Otherwise, you can visit routerpasswords.com to look up information about your specific make and model.
For more information about this new attack, and about checking and changing your router settings, visit Krebs on Security. You should also check out Techlicious’s picks for the best PC security software to make sure you’re protected against other threats.