Hackers infect half a million routers

Discussion in 'Chit-Chat' started by looney2ns, May 23, 2018.

  1. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    4,893
    Likes Received:
    2,978
    Location:
    Evansville, Indiana
  2. bigredfish

    bigredfish Known around here

    Joined:
    Sep 5, 2016
    Messages:
    1,197
    Likes Received:
    1,017
    Location:
    Florida USA
    Saw that earlier today, yuck.
     
    looney2ns likes this.
  3. alastairstevenson

    alastairstevenson Known around here

    Joined:
    Oct 28, 2014
    Messages:
    8,849
    Likes Received:
    2,495
    Location:
    Scotland
    Wow! Still lots of uncertainty, especially about the initial exploitation method, after loads of research.
    A reliable test method would be good.
     
  4. marku2

    marku2 Getting comfortable

    Joined:
    Dec 23, 2016
    Messages:
    905
    Likes Received:
    251
    Location:
    Australia
    Wonder if this is the byproduct of the Israel/USA infection of the Iran nuclear control PCB switches in their weapon enrichment program.
    Code name Olympic Games.
     
  5. bp2008

    bp2008 Staff Member

    Joined:
    Mar 10, 2014
    Messages:
    7,290
    Likes Received:
    3,772
    The exploitation method could be as simple as:

    1) Hack vulnerable Hikvision camera that exposed itself via UPnP. Use as proxy server.
    2) Log in to router from the LAN-side using default credentials for the brand.
    3) ???
    4) Profit
     
    xlarons and alastairstevenson like this.
  6. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    4,893
    Likes Received:
    2,978
    Location:
    Evansville, Indiana
    Freak'in bastards.
     
  7. c hris527

    c hris527 Getting comfortable

    Joined:
    Oct 12, 2015
    Messages:
    642
    Likes Received:
    325
    Location:
    NY
    Snippet from Talos:

    Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims.
     
    TonyR likes this.
  8. TL1096r

    TL1096r Getting the hang of it

    Joined:
    Jan 28, 2017
    Messages:
    189
    Likes Received:
    11
    How about D-link? Minus the DIR-620?
     
  9. SkyLake

    SkyLake Getting the hang of it

    Joined:
    Jul 30, 2016
    Messages:
    163
    Likes Received:
    94
    pfSense for the win :)
     
    Tengu and xlarons like this.
  10. xlarons

    xlarons n3wb

    Joined:
    Apr 16, 2018
    Messages:
    16
    Likes Received:
    4
    Location:
    UK
    Always wanted my own pfSense box but always been too scared to make it my internet facing router.
     
    Tengu likes this.
  11. SkyLake

    SkyLake Getting the hang of it

    Joined:
    Jul 30, 2016
    Messages:
    163
    Likes Received:
    94
    Done this myself. However, if you have never done such a thing before, or do not understand how a firewall, proxy, DHCP / DNS server etc. works, then it is quite a steep learning curve.
    But still, there are many in-depth / step-by-step tutorials on the interwebs on how to set up a small but decent working router. You can also set up a VPN with it.
     
    xlarons likes this.
  12. crw030

    crw030 Pulling my weight

    Joined:
    Apr 26, 2016
    Messages:
    205
    Likes Received:
    106
    Don't be too scared, way more secure than most of the hardware-only boxes out there for one simple reason: the software is updated regularly so you can patch the vulnerabilities. A fair number of consumer router companies aren't very good about patching their firmware.

    I guess I don't know how you could ever be certain 100% that you hadn't been hacked, but I keep my ASUS stock firmware patched (and haven't ever seen any weird behaviors or bandwidth usage) but I have syslogs for a year for pfSense with 100+ million blocked events, so I'm feeling halfway good about it!
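Added example, not code from the thread or from any of its posters: a small Python script that summarises blocked inbound events from pfSense filterlog syslog lines (the kind of log crw030 describes) per destination port and source address, and flags hits on ports that SOHO routers and IP cameras typically expose for management or UPnP discovery. The log lines are constructed, the watched-port list is an assumption, and the field layout follows pfSense's documented filterlog CSV format (IPv4 only here).

```python
"""Summarise blocked inbound hits in pfSense filterlog syslog output.

Added example for this thread; not the forum's or pfSense's own code.
The sample lines are constructed, and the watched-port table is an assumption.
"""
from collections import Counter

# Constructed sample syslog lines in pfSense filterlog format (IPv4 only).
# Field layout after "filterlog: " is:
# rule,sub-rule,anchor,tracker,iface,reason,action,direction,ipver,
# tos,ecn,ttl,id,offset,flags,proto-id,proto-text,length,src,dst,
# then for tcp/udp: sport,dport,datalen,...
SAMPLE_LOG = """\
May 23 10:00:01 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,21001,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,43122,23,0,S,1234567890,,65535,,mss;sackOK
May 23 10:00:02 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,21002,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,43123,80,0,S,1234567891,,65535,,mss;sackOK
May 23 10:00:03 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,58,4100,0,none,17,udp,120,198.51.100.7,192.0.2.10,50123,1900,100
May 23 10:00:04 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,21003,0,DF,6,tcp,60,203.0.113.9,192.0.2.10,43124,23,0,S,1234567892,,65535,,mss;sackOK
May 23 10:00:05 pfSense filterlog: 100,,,1000000104,igb0,match,pass,out,4,0x0,,64,9000,0,DF,6,tcp,60,192.0.2.10,192.0.2.50,51000,443,0,S,99,,65535,,mss
May 23 10:00:06 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,21004,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,43125,8080,0,S,1234567893,,65535,,mss;sackOK
"""

# Ports a SOHO router or camera commonly listens on for management / discovery.
# Assumed list for the example, not something the thread states.
WATCHED_PORTS = {23: "telnet", 80: "http", 443: "https",
                 1900: "upnp-ssdp", 8080: "http-alt"}


def parse_filterlog(line):
    """Parse one syslog line; return a dict of fields, or None if not filterlog."""
    marker = "filterlog: "
    idx = line.find(marker)
    if idx == -1:
        return None
    fields = line[idx + len(marker):].strip().split(",")
    if len(fields) < 9:
        return None
    rec = {"rule": fields[0], "interface": fields[4], "action": fields[6],
           "direction": fields[7], "ip_version": fields[8]}
    if rec["ip_version"] != "4" or len(fields) < 20:
        return rec  # IPv6 has a different header layout; not handled here
    rec["proto"] = fields[16]
    rec["src"] = fields[18]
    rec["dst"] = fields[19]
    if rec["proto"] in ("tcp", "udp") and len(fields) >= 22:
        rec["sport"] = int(fields[20])
        rec["dport"] = int(fields[21])
    return rec


def summarize_blocked(log_text):
    """Count blocked inbound tcp/udp hits.

    Returns (per_port, per_source, alerts):
      per_port   Counter keyed by (proto, dport)
      per_source Counter keyed by source IP
      alerts     list of (proto, dport, service, count) for watched ports,
                 most-hit first
    """
    per_port, per_source = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog(line)
        if not rec or rec["action"] != "block" or rec["direction"] != "in":
            continue
        if "dport" not in rec:
            continue  # icmp or non-IPv4 records carry no port
        per_port[(rec["proto"], rec["dport"])] += 1
        per_source[rec["src"]] += 1
    alerts = [(proto, port, WATCHED_PORTS[port], n)
              for (proto, port), n in per_port.items() if port in WATCHED_PORTS]
    alerts.sort(key=lambda a: a[3], reverse=True)
    return per_port, per_source, alerts


if __name__ == "__main__":
    ports, sources, alerts = summarize_blocked(SAMPLE_LOG)
    print("blocked inbound hits per port:")
    for (proto, port), n in ports.most_common():
        print(f"  {proto}/{port}: {n}")
    print("noisiest sources:", sources.most_common(3))
    print("hits on management/discovery ports:", alerts)
```

Run against a real `/var/log/filter.log` the same way (read the file instead of `SAMPLE_LOG`); a steady stream of blocked inbound hits on ports 23, 80 or 1900 from the WAN side is exactly the kind of scanning the thread is discussing, and seeing it blocked rather than passed is the point of the exercise.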
     
  13. TonyR

    TonyR Known around here

    Joined:
    Jul 15, 2014
    Messages:
    2,027
    Likes Received:
    1,575
    Location:
    Alabama
    Good post, @c hris527 !

    Such as is used in monitoring and controlling the power grid.

    Not good either...but IMO, not as bad as a compromised power grid system. No power, no Internet anyway! :oops:
     
  14. Mr_D

    Mr_D Pulling my weight

    Joined:
    Nov 17, 2017
    Messages:
    364
    Likes Received:
    244
    Location:
    Southern California
    pfSense is good stuff. I run Ubiquiti mainly because I don't have a power-efficient spare PC lying around and the pre-built pfSense boxes are more than I want to spend. Anyway, it is secure out of the box. If you're afraid of making a firewall change that exposes your network, then run a scan at GRC ShieldsUP! (Internet Vulnerability Profiling) after each change.
     
    xlarons likes this.