Skip to main content

Ongoing DNS hijackings target unpatched consumer routers

posted onApril 4, 2019
by l33tdawg
Arstechnica
Credit: Arstechnica

A wave of DNS hijacking attacks that abuse Google's cloud computing service is causing consumer routers to connect to fraudulent and potentially malicious websites and addresses, a security researcher has warned.

By now, most people know that Domain Name System servers translate human-friendly domain names into the numeric IP addresses that computers need to find other computers on the Internet. Over the past four months, a blog post published Thursday said, attackers have been using Google cloud service to scan the Internet for routers that are vulnerable to remote exploits. When they find susceptible routers, the attackers then use the Google platform to send malicious code that configures the routers to use malicious DNS servers.

Troy Mursch, the independent security researcher who published Thursday's post, said the first wave hit in late December. The campaign exploited vulnerabilities in four models of D-Link routers, including:

  •     D-Link DSL-2640B
  •     D-Link DSL-2740R
  •     D-Link DSL-2780B
  •     D-Link DSL-526B

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th