Hackers infect half a million routers

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Wow! Still lots of uncertainty, especially about the initial exploitation method, after loads of research.
A reliable test method would be good.
 

marku2

Known around here
Joined
Dec 23, 2016
Messages
919
Reaction score
263
Location
Australia
Wonder if this is the byproduct of the Israel/USA infection on the Iran nuclear control PCB switches on their weapon enrichment program.
Code name Olympic Games.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
The exploitation method could be as simple as:

1) Hack vulnerable Hikvision camera that exposed itself via UPnP. Use as proxy server.
2) Log in to router from the LAN-side using default credentials for the brand.
3) ???
4) Profit
 

c hris527

Known around here
Joined
Oct 12, 2015
Messages
1,782
Reaction score
2,066
Location
NY
Snippet from Talos:

Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
How about D-link? Minus the DIR-620?
 

SkyLake

Getting comfortable
Joined
Jul 30, 2016
Messages
358
Reaction score
301
Always wanted my own pfSense box but always been too scared to make it my internet facing router.
Done this myself. However, if you have never done such a thing before, or do not understand how a firewall, proxy, DHCP / DNS server etc. works, then it is quite a steep learning curve.
But still, there are many in-depth / step-by-step tutorials on the interwebs on how to set up a small but decent working router. You can also set up a VPN with it.
 
Joined
Apr 26, 2016
Messages
1,090
Reaction score
852
Location
Colorado
Don't be too scared; it's way more secure than most of the hardware-only boxes out there for one simple reason: the software is updated regularly so you can patch the vulnerabilities. A fair number of consumer router companies aren't very good about patching their firmware.

I guess I don't know how you could ever be 100% certain that you hadn't been hacked, but I keep my ASUS stock firmware patched (and haven't ever seen any weird behaviors or bandwidth usage), and I have a year of syslogs for pfSense with 100+ million blocked events, so I'm feeling halfway good about it!
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,443
Reaction score
38,162
Location
Alabama
Good post, @c hris527 !

Snippet from Talos:

The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols.
Such as is used in monitoring and controlling the power grid.

Snippet from Talos:

..... and has the potential of cutting off internet access for hundreds of thousands of victims.
Not good either... but IMO, not as bad as a compromised power grid system. No power, no Internet anyway! :oops:
 

Mr_D

Getting comfortable
Joined
Nov 17, 2017
Messages
596
Reaction score
527
Location
Southern California
Always wanted my own pfSense box but always been too scared to make it my internet facing router.
pfSense is good stuff. I run Ubiquiti mainly because I don't have a power-efficient spare PC lying around and the pre-built pfSense boxes are more than I want to spend. Anyway, it is secure out of the box. If you're afraid of making a firewall change that exposes your network, then run a scan at GRC | ShieldsUP! — Internet Vulnerability Profiling after each change.
 