Is your router secretly working for foreign intelligence? - harlan4096 - 17 July 25
Quote: Why advanced attackers are interested in your home Wi-Fi access points, and how they maintain control over your devices.
A recently disclosed breach of thousands of ASUS home routers goes to show that your home Wi-Fi access point isn’t just useful to you (and possibly your neighbors) — it’s also coveted by cybercriminals and even state-sponsored hackers carrying out targeted espionage attacks. This new attack, presumably linked to the infamous APT31 group, is still ongoing. What makes it especially dangerous is its stealthy nature and the unconventional approach required to defend against it.
That’s why it’s crucial to understand why malicious actors target routers — and how to protect yourself from these hacker tricks.
How compromised routers are exploited
- Residential proxy. When hackers target large companies or government agencies, the attacks are often detected by unusual IP addresses attempting to access the secured network. It’s highly suspicious when a company operates in one country, but an employee suddenly logs in to the corporate network from another. Logins from known VPN-server addresses are equally suspect. To mask their activities, cybercriminals use compromised routers located in the country — and sometimes even in the specific city — close to their intended target. They funnel all their requests through your router, which then forwards the data to the target computer. To monitoring systems, this looks just like a regular employee accessing work resources from home — nothing to raise any eyebrows.
- Command-and-control server. Attackers can host malware on the compromised device for target computers to download. Or, conversely, they can exfiltrate data from the network directly to your router.
- Honeypot for competitors. A router can be used as bait (a honeypot) to study the techniques used by other hacker groups.
- Mining rig. Any computing device can be used for crypto mining. Using a router for mining isn’t particularly efficient, but when a cybercriminal isn’t paying for electricity or equipment, it still pays off for them.
- Traffic manipulation tool. A compromised router can intercept and alter the contents of internet connections. This allows attackers to target any device connected to the home network. The range of applications for this technique is broad: from stealing passwords to injecting ads into web pages.
- DDoS bot. Any home device, including routers, baby monitors, smart speakers, and even smart kettles, can be linked together into a botnet and used to overwhelm any online service with millions of simultaneous requests from those devices.
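The residential-proxy item above explains why a country- or VPN-list-based login check is blind to a compromised home router in the target's own country. The following added example (not from the quoted article or from Kaspersky) runs two detection rules over constructed login events: the legacy country/VPN rule and a per-user "never seen on this network" baseline. The IP ranges, the prefix-to-network table standing in for a GeoIP/ASN lookup, and the user and event names are all constructed for the example.

```python
"""Compare a country-only login rule with a per-user network baseline.
A login relayed through a compromised router in the home country passes
the first rule but is still flagged by the second. All data is constructed."""
import ipaddress
from collections import defaultdict

# Constructed stand-in for a GeoIP/ASN database: prefix -> (country, network).
NETWORKS = {
    "203.0.113.0/24": ("US", "corp-vpn"),
    "198.51.100.0/24": ("US", "residential-isp-a"),
    "192.0.2.0/24": ("DE", "commercial-vpn"),
}
HOME_COUNTRY = "US"
KNOWN_VPN_PROVIDERS = {"commercial-vpn"}


def lookup(ip):
    """Return (country, network label) for an address, or unknown."""
    addr = ipaddress.ip_address(ip)
    for prefix, info in NETWORKS.items():
        if addr in ipaddress.ip_network(prefix):
            return info
    return ("??", "unknown")


def country_only_rule(event):
    """Legacy rule: alert only on foreign or known commercial-VPN sources."""
    country, net = lookup(event["ip"])
    return country != HOME_COUNTRY or net in KNOWN_VPN_PROVIDERS


def new_network_rule(event, baseline):
    """Alert when this user has never logged in from this network before."""
    _, net = lookup(event["ip"])
    return net not in baseline[event["user"]]


def evaluate(events):
    """Learn per-user networks from 'baseline' events, then score 'live' ones.
    Returns {event_id: (country_rule_hit, new_network_rule_hit)}."""
    baseline = defaultdict(set)
    results = {}
    for ev in events:
        if ev["phase"] == "baseline":
            baseline[ev["user"]].add(lookup(ev["ip"])[1])
            continue
        results[ev["id"]] = (country_only_rule(ev), new_network_rule(ev, baseline))
    return results


EVENTS = [  # constructed sample: one learning event, then three live logins
    {"id": "b1", "phase": "baseline", "user": "alice", "ip": "203.0.113.10"},
    {"id": "e1", "phase": "live", "user": "alice", "ip": "192.0.2.5"},      # foreign VPN
    {"id": "e2", "phase": "live", "user": "alice", "ip": "198.51.100.77"},  # home-country proxy
    {"id": "e3", "phase": "live", "user": "alice", "ip": "203.0.113.10"},   # usual network
]
```

Event e2 is the residential-proxy case: the country rule stays silent, the baseline rule fires.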
These options appeal to various groups of attackers. While mining, ad injection, and DDoS attacks are typically of interest to financially motivated cybercriminals, targeted attacks launched from behind a residential IP address are usually carried out either by ransomware gangs or by groups engaged in genuine espionage. This sounds like something out of a spy novel, but it’s so widespread that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and FBI have issued multiple warnings about it at various times. True to form, spies operate with utmost stealth, so router owners rarely ever notice that their device is being used for more than its intended purpose.