follow Rene Ritchie here
Vulnerable routers abused to reroute users’ web traffic to phishing websites, install cryptomining scripts, or serve malicious advertising
Prague, Czech Republic / Sydney, Australia, September 4th, 2019 – Earlier in the year, the Federal government agency Australian Cyber Security Centre (ACSC) made an announcement that it is aware of a global Domain Name System (DNS) infrastructure hijacking campaign and released a statement outlining best practices for how organisations can protect their systems.
Cybercriminals use cross-site request forgery (CSRF) attacks to carry out commands without the users’ knowledge, in this case to silently modify the users’ DNS settings to perform phishing and crypto-mining attacks, or attacks via malicious ads. Known router exploit kits used to attack routers include GhostDNS, Novidade, and in April 2019, Avast discovered SonarDNS.
So far in 2019, Avast has stopped more than 70,000 GhostDNS attacks.
The GhostDNS exploit kit is very popular in many parts of the global underground hacking scene and some of its variants belong to the most active exploit kits targeting routers in 2019. The GhostDNS variant Novidade attempted to infect Avast users’ routers over 2.6 million times in February alone and was spread via three campaigns. According to Netlab360, GhostDNS consists of a complex system with a phishing web system, web admin system, and rogue DNS system.
The threat actors behind GhostDNS are trying to increase their attack success rate by scanning routers’ IP addresses via public mass scans. The same rouge DNS servers 195[.]128.124[.]131 and 195.128.126[.]165 detected by @bad_packets’ honeypots were also spotted in other GhostDNS campaigns this year.
DNS hijacking leading to phishing attacks
A router CSRF attack is typically initiated when the user visits a compromised website with malicious advertising (malvertising), which is served using third party ad networks to the site. Avast frequently observes malvertising infections on local websites that host adult content, illegal movies and sports. Just by visiting a compromised site, the victim is redirected to a router exploit kit landing page, initiating the attack on their router automatically, without user interaction, in the background.
In many cases the exploit kits can successfully attack a router due to weak passwords. It first tries to find the router IP on the network, and then attempts to guess the password using various login credentials. Here is the list of top used credentials that common exploit kits try to use:
admin:admin
admin:
admin:12345
Admin:123456
admin:gvt12345
admin:password
admin:vivo12345
root:root
super:super
As one of the consequences, the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites. Most recently, Netflix became a popular domain for DNS hijackers.
“The affected institutions are generally targeted due to their popularity, and the problem is that there is little that a company can do to avoid falling victim, apart from alerting their customers, as the phishing sites are located outside of the company’s domains,” said David Jursa, Threat Intelligence Analyst at Avast.
Malicious ads and cryptomining attacks
Aside from phishing, cybercriminals use DNS hijacking to replace legitimate ads with malicious ads. For example, cybercriminals can hijack ad platforms, such as Outbrain, which can be integrated into websites to serve ads to website visitors. If the ad platform’s server address is hijacked on the users’ router, the user will see malicious ads. These may, for example, try to trick users into downloading more malware, or to direct them to unsolicited websites with shady or illegal content.
Moreover, Avast threat researchers have also seen cybercriminals use DNS hijacking to push malicious cryptomining scripts to a users’ browser, so that the users’ machines can be abused in order to mine crypto coins. This activity can also lead to high energy bills, and a shortened life cycle for affected devices.
Staying protected
David Jursa continues: “Users should be careful when visiting their bank’s website or Netflix, and make sure the page has a valid certificate. They can do this by checking for the padlock in the browser URL bar. Additionally, users should frequently update their router’s firmware to the latest version, and set up their router’s login credentials with a strong password.”
People can find out whether their router is infected by using the Avast Wi-Fi Inspector feature, which is part of Avast Free Antivirus and all of Avast’s paid antivirus versions, which also includes Avast Web Shield, a core shield that protects users from CSRF attacks.
About Avast
Avast (LSE:AVST) is the global leader in digital security products. With over 400 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, OPSWAT, West Coast Labs and others. Visit: www.avast.com.
Epson presents truly immersive projection experience at Integrate 2019
On stand i12
SYDNEY, 21 August 2019 – This year’s Integrate Expo will see, amongst many other exciting areas, Epson Australia demonstrate a unique 270-degree immersive video environment that will house multiple L-Series projectors using cutting edge technology in a seamless edge-blended experience.
These amazing projectors will be housed in a custom-created structure built by Igloo Vision, a company that specialises in creating unique and bespoke audio visual environments.
As a result, the combination of Epson’s projectors and Igloo’s structure will create a completely unique dark environment with content, including the latest geo-mapping, so real that attendees will almost believe they have been transported overseas.
Alongside the immersive video environment will be Epson’s “Size Matters” display area where visitors will experience the new 7,000 lumen EB-L1070U paired with the ELPLX01 ultra short throw lens for an incredibly large display from just a half metre away.
The new 7,000 lumen EB-L1070U
Visitors will also be able to see exactly why ‘Size Matters’, particularly for education and corporate environments, by comparing different screen sizes and viewing angles on the stand.
Epson’s LightScene™ laser projectors have taken the market by storm as they present a new way to create immersive and interactive experiences that engage customers with products and brands in retail, hospitality and entertainment. At Integrate the LightScene EV-100 projectors will demonstrate real-time, real world examples of just what’s possible in these markets.
Epson has also collaborated with Avery Dennison to create a dynamic retail display using Vela switchable film and an ultra-short throw projector at Integrate 2019. This digital signage solution can showcase products behind a wall of glass that can be switched between clear and opaque, allowing you to project on to the surface for a unique retail experience.
There’s more display brilliance too for those wishing to view the stunning colours of 3LCD rendered on over 8 million pixels by the new EB-L12000Q native 4K 12,000 lumen projector.
EB-L12000Q native 4K 12,000 lumen projector.
Not only that, but also powered by breakthrough laser technology, the interactive EB-1485Fi projector will demonstrate how you can transform yesterday’s conference room into tomorrow’s collaborative meeting space and feature a new 16:6 ultra-widescreen display.
EB-1485Fi
This will sit alongside stunning images created from the EB-L30000U projector, Epson’s brightest 3LCD laser projector with 30,000 lumens.
All-in-all Epson’s Integrate 2019 stand will be a plethora of light and display. To see all of the above in action visit Epson stand i12 at this year’s Integrate Expo from 27-29 August at the Melbourne Convention and Exhibition Centre.
For more on Epson projectors go to: https://www.epson.com.au/products/projectors/
Picture credits
The new 7,000 lumen EB-L1070U projector
The EB-L12000Q native 4K 12,000 lumen projector
The interactive EB-1485Fi projector
Follow Epson on social media:
Facebook: @EpsonAustralia
Twitter: @EpsonAust
Instagram: @EpsonAust