Is your home router living a secret double life as a botnet DDoS server?
The number of private home routers being duped into living a secret life as part of a botnet or in serving up malicious DNS results to its users has seen a surge in the latter half of 2016. It’s thought that the majority of traffic in the DDoS attack on various gaming servers in Christmas 2015 was generated from home routers that had been compromised.
Sophisticated attacks
The attack uses an exploit hidden in a malicious advert potentially on a legitimate website to check various aspects of your home or business network, including your location and the type of internet router you are using.
Once that information has been collected, the attack checks for known security holes to exploit on the router, and for default admin credentials and attempts to log into and change the routers configuration to redirect your internet traffic to their DNS servers
DNS
The DNS servers are the address books of the internet, when you type in a website, click on a link, send an email, play a game or anything that uses the internet, your computer sends that request (such as www.tinsleynet.co.uk) to the configured DNS server to find out the address of the server so it can fetch the webpage.
The malicious DNS servers insert their own copies of genuine websites, like Facebook, your email or your bank website, with their own copy of that page in an attempt to trick you into revealing your logon details.
Who’s at risk?
The malicious adverts can appear on genuine websites, such as newspaper websites like The Sun or The Daily Mail, and on popular clickbait websites like The Lad Bible or BuzzFeed, and begin their attack as soon as the advert is loaded.
Botnets
Another use for a compromised home or business internet router is in a botnet, that is a vast network of compromised devices, from routers, computers, smart phones and any other internet connected devices (think fridge freezers and washing machines!)
Once compromised, the internet routers (or other devices) begin sending requests to a victim’s server, such as the servers for xBox games, as millions of compromised devices do this at the same time from all over the world, the victim server is unable to cope with all the traffic, and genuine requests to access the server are delayed or refused as the server is overwhelmed, this is known as a DDoS attack.
Backdoor
The attacks are also installing or opening backdoors on the routers, enabling attackers to make further changes, upload malicious firmware and retain control of your router, and allowing them to attempt to access your network devices, such as computers, laptops, tablets, smartphones, printers, fridges, tv’s and so on.
What can you do?
Having security that protects ALL your home or business internet connected devices is essential, also check if your home or business router’s firmware is up-to-date, and if you have a firewall device, check that’s properly configured to protect from intrusion attempts.
#WeCanHelp
Remember that we offer a range of network security checkup services, from home networks to corporate networks of all sizes and complexities, contact us for help keeping your data safe.
07825650122 | it@tinsleyNET.co.uk | @tinsleyNET | +tinsleyNETcouk | www.tinsleynet.co.uk | Facebook | #Stuff4Steph
tinsleyNET IT Services Consultant
IT Support for small to medium or large sized businesses, home office workers and home users
across the UK based in the West Midlands and Shropshire.
#WeCanHelp
0 Comments