Spam doesn't stop at the inbox. Noted cybersecurity expert Brian Krebs, in a blog post from earlier this month, reported that a phishing spree targeting home Internet routers was recently discovered. In the most recent scheme, spammers are collecting online banking credentials and other vulnerable information by emailing links designed to change router settings when clicked.
Tech Week Europe reported the phishing emails appeared to originate from Brazil's largest Internet service provider and were written as warnings of unpaid bills. The attacks zeroed in on owners of UTStarcom and TP-Link routers.
Links contained within the malevolent emails direct users to a decoy page posing as the official site of the Internet service provider. Behind this facade is code that covertly preys on the routers' known weaknesses and compromises the security of everyone connected – even wirelessly – to the router.
The strategy behind this hack is called a cross-site request forgery attack, abbreviated as XSRF or CSRF. As Tech Target has explained, a CSRF attack works this way: a hacker dons the identity of a trusted user in order to breach a web site undetected. This type of invisibility tactic allows the phisher to change the settings of a firewall and reap any desired information.
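A forged request of this kind only works when the device's admin interface accepts a settings change without checking where the request came from. The following is an added example, not code from the article or from any router vendor, of the server-side checks that refuse such a request; the admin address, function names and sample values are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed address of the router's admin interface (constructed for this example).
ADMIN_ORIGIN = "http://192.168.1.1"


def new_csrf_token() -> str:
    """Random per-session token that the admin UI embeds in every settings form."""
    return secrets.token_urlsafe(32)


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) names the admin UI itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no provenance at all: refuse state changes
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN


def allow_settings_change(method: str, headers: dict,
                          session_token: str, form: dict) -> bool:
    """Decide whether a request may modify router settings."""
    if method != "POST":
        return False  # a GET fired by a link or embedded resource never changes state
    if not same_origin(headers):
        return False  # request was launched from a page on another site
    submitted = form.get("csrf_token", "")
    if not session_token or not submitted:
        return False  # the browser sends cookies automatically, but not this token
    # Constant-time comparison against the token issued to this session.
    return hmac.compare_digest(submitted.encode(), session_token.encode())


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed sample requests: one from the admin UI, one from a decoy page.
    genuine = ("POST", {"Origin": ADMIN_ORIGIN}, token, {"csrf_token": token})
    forged = ("POST", {"Origin": "http://decoy.example"}, token, {})
    print("genuine allowed:", allow_settings_change(*genuine))
    print("forged allowed:", allow_settings_change(*forged))
```

The checks are layered on purpose: the origin test stops a request launched from another site, and the token test still holds if a client omits or strips the Origin and Referer headers.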
These types of intrusions can slip under the radar for a long time, as they circumvent most antivirus software. Though the newest scam has affected primarily Brazilian Internet users, it's possible for any router to be susceptible to the ploy.
A password change shouldn't be the only safeguard against router phishing, one of the most difficult hacks to detect. The surest prevention measure is to be ready for it when it does happen. Big data security analytics enable timely detection and curb the damage of router phishing scams.
Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. FireBreak, when your firewall fails.