Ongoing DNS hijackings target unpatched consumer routers
A wave of DNS hijacking attacks that abuse Google’s cloud computing service is causing consumer routers to connect to fraudulent and potentially malicious websites and addresses, a security researcher has warned.
By now, most people know that Domain Name System servers translate human-friendly domain names into the numeric IP addresses that computers need to find other computers on the Internet. Over the past four months, a blog post published Thursday said, attackers have been using Google cloud service to scan the Internet for routers that are vulnerable to remote exploits. When they find susceptible routers, the attackers then use the Google platform to send malicious code that configures the routers to use malicious DNS servers.
Troy Mursch, the independent security researcher who published Thursday’s post, said the first wave hit in late December. The campaign exploited vulnerabilities in four models of D-Link routers, including: