Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Routers Threat. Show all posts
Routers Threat
Cloud Credentials Cyber Security data security Data Theft Hijacking attacks Router vulnerability Routers Routers Threat

New Cuttlefish Malware Hijacks Router Connections, Cloud Data Stolen

 

In the ever-evolving landscape of cybersecurity threats, a new menace has emerged: Cuttlefish. This sophisticated malware targets enterprise-grade and small office/home office (SOHO) routers, posing a significant risk to both businesses and individual users alike. 

Discovered by Lumen Technologies' Black Lotus Labs, Cuttlefish operates by infecting routers and creating a proxy or VPN tunnel to stealthily exfiltrate data. By doing so, it bypasses security measures designed to detect unusual sign-ins, making it particularly insidious. One of the most concerning aspects of Cuttlefish is its ability to perform DNS and HTTP hijacking within private IP spaces. 

This interference with internal communications can disrupt organizational workflows and potentially introduce additional payloads, compounding the damage caused by the initial infection. While Cuttlefish shares some code similarities with HiatusRat, a malware previously associated with Chinese state interests, there is no definitive link between the two. Attribution remains challenging, further complicating efforts to combat this threat effectively. 

According to Black Lotus Labs, Cuttlefish has been active since at least July 2023, primarily targeting users in Turkey. However, infections have been reported elsewhere, impacting services such as satellite phones and data centres. The exact method of initial infection remains unclear, but it likely involves exploiting known vulnerabilities or brute-forcing credentials. Once inside a router, Cuttlefish deploys a bash script to collect host-based data and download its primary payload. 

What sets Cuttlefish apart is its adaptability to various router architectures, making it a versatile threat capable of targeting a wide range of devices. Once executed, the malware monitors all connections passing through the router, searching for specific data such as usernames, passwords, and tokens associated with cloud services like AWS and Digital Ocean. Once this data is captured, Cuttlefish exfiltrates it to the attacker's command and control (C2) server using a peer-to-peer VPN or proxy tunnel.

Additionally, the malware can redirect DNS and HTTP requests to actor-controlled infrastructure, enabling further data interception and manipulation. Cuttlefish severely threatens organizations worldwide, allowing attackers to bypass traditional security measures and dwell undetected within cloud environments. Network administrators should take proactive steps to strengthen their defences to mitigate the risk posed by Cuttlefish and similar threats. 

This includes eliminating weak credentials, monitoring for unusual logins, securing traffic with TLS/SSL encryption, and inspecting devices for signs of compromise. Additionally, regular router reboots, firmware updates, and password changes are recommended for SOHO router users to prevent exploitation.  

Cuttlefish represents a significant escalation in cyber threats, underscoring the importance of robust cybersecurity practices and constant vigilance in today's digital landscape. Organizations can better protect themselves against emerging threats like Cuttlefish by staying informed and implementing proactive security measures.
Read more »
Routers Threat
Business Network Cyber Attacks cyber threat CyberCrime ESET Routers Routers Threat

A Corporate Secret is not Destroyed, it's Discarded: Threat of Old Routers

 



Many business network environments probably experience the process of removing a defunct router from a rack and accommodating a shiny refurbished replacement now and then. The fate of the disposed router should be as significant, if not more so, as the smooth transition and delivery of the upgraded kit into the rack. The truth is, however, that this is not always the case. 

Home and business security are threatened by security issues stemming from vulnerabilities in routers. These threats can extend beyond email compromises to security breaches in physical homes. However, despite this, people rarely consider security as a concern when using their devices. According to research, approximately 73% of Internet users never consider upgrading their router or securing their system. Therefore, it can be considered one of the major threats to the Internet of Things.

It surprised the ESET research team that in many cases, previously used configurations had not been wiped away when they purchased a few used routers to setup a test environment, causing them to be shocked upon realizing the data on the routers could be used as a source of identification along with the network configurations of the prior owners. 

The researchers purchased 18 used routers made by three popular vendors: Cisco, Fortinet, and Juniper Networks, in a variety of models. Nine of them were found exactly the way their owners left them, fully accessible. Only five of the remaining ones had been properly wiped by their owners. One of the devices was encrypted, one was dead, and the other was a mirror copy of an encrypted device.  

All nine devices left uncovered appear to contain credentials for the organization's VPN. They also contained credentials for another secure network communication service, or hashed passwords for root administrators of the organization. The identifying data included in all of them was sufficient to identify the previous owner or operator of the router. In addition, it enabled router identification.  

Data gathered from these devices could be used to launch cyberattacks – including customer data, router-to-router authentication keys, list of applications, and several other things, if this data is put into the wrong hands. An attacker could have gained access to a company's digital assets by gaining the initial access necessary to research where they are located and what they might be worth. 

An Internet router serves as the hub of an entire home network. This is where all elements of a smart home are connected to the Internet and share information between them. 

When an attacker infects a router, he or she gains access to the network by which data packets are transmitted. This is the network through which the router operates. By doing this, they can install malicious software on the victims' computers, allowing them to steal sensitive data, private photos, and business files. This is potentially irreparable damage to them as a result of this maneuver. Using the infected router, the attacker can redirect users to phishing websites that look exactly like popular webmail and online banking sites. 

KELA Cybercrime Prevention, a cybercrime prevention company that specializes in cybercrime prevention technologies, has found that the average price for access credentials to corporate networks at the time of the initial unauthorized intrusion is $2,800. This price is based on KELA Cybercrime Prevention research. Considering that a used router purchased for a few hundred dollars could provide a cybercriminal with a significant return on investment, a cybercriminal could purchase a used router for a few hundred dollars out of pocket and use it immediately to access the network with little effort. It is assumed that they will simply strip off the access data and sell it on the dark web instead of launching a full-scale cyberattack themselves, although that may very well be the case. 

As a result of the findings of the ESET researchers, organizations may believe that they are conducting business responsibly by contracting with a device-management firm outside their own. 

Those in the e-waste disposal business, or even device-sanitization services that promise to wipe large volumes of corporate devices for resale can be counted on to take care of that for you. 

On the other hand, it may be that these third parties are not performing whatever they claim in practice. Considering that mainstream routers come with encryption and other security features, more organizations might benefit from them to mitigate the negative impacts of fallout should devices that have not been wiped end up roaming the world with no security features. 

Ensure that your router is protected from cybercriminals' attacks by following these steps:

  • There are risks associated with buying second-hand smart appliances. Previous owners of such products may have modified the alarm system firmware so that a remote attacker can collect all the data.
  • It is very important that you change the default password of your account. You should choose a complex password and change it regularly.
  • On social networks, you should not share serial numbers, IP addresses, or other sensitive information concerning your smart devices. 
Read more »
Subscribe to: Posts (Atom)