A massive Hack of Mass Destruction has been unleashed on routers primarily in Asia. Discovered by Team Cymru, this attack is believed to have affected over 300,000 devices, primarily in Vietnam, India and Italy. The attack modifies the DNS settings on the compromised routers, and points them to DNS servers that are controlled by criminals.
At this time, it doesn’t appear that the DNS servers that are being used are doing anything malicious. This is possibly the intent of the criminals. It’s very different from the experience with another large Hack of Mass Destruction, the attack on Polish banks where the DNS servers mis-resolved the addresses of Polish banks to attempt to steal money. Perhaps these servers are being prepared for a future attack that is yet to come.
The devices that have been compromised in this attack come from several vendors, including:
These devices are vulnerable to multiple exploit techniques, including a disclosed authentication bypass vulnerability in ZyXEL firmware, as well as Cross-Site Request Forgeries (CSRF).
Team Cymru sums up what they believe the future of such attacks may be when they say:
As the bar is increasingly raised for compromising endpoint workstations, cyber criminals are turning to new methods to achieve their desired goals, without gaining access to victims’ machines directly.
More information about this attack can be found in the Team Cymru Whitepaper, which you may download here.