More than 300,000 office and home routers infected in new mega-hack

ethernet teeth
Attacks are coming from a different route

Welsh researchers at Team Cymru have revealed a discovery that points towards massive compromises of home and small office wireless routers across the world.

According to its report, Team Cymru has detected changes being made to more than 300,000 devices, including those made by D-Link, Micronet, Tenda and TP-Link.

Among other techniques the hackers are using malicious JavaScript to force infected machines to change the DNS settings of connected routers.

The attacks have been spotted in a number of countries, including India, Italy, Colombia, the UK and Vietnam. The major risk from the infection is that the affected routers have the potential to redirect all devices connected to malicious websites.

Attention needed

Team Cymru says that cybercriminals are targeting the devices as an easier way in compared to attacking computers directly.

This is due to the relative unfamiliarity most users have with router configuration and security, affecting their possible awareness of infection.

Commercial routers used by small businesses are especially prone to the attacks, with the possibility of the infection spreading to numerous computers and devices in a short space of time. A tripwire survey found that 80 per cent of the best selling routers online had exploitable security flaws.

"As embedded systems begin to proliferate in both corporate and consumer networks, greater attention needs to be given to what vulnerabilities these devices introduce," the Team Cymru researchers wrote. "Security for these devices is typically a secondary concern to cost and usability and has traditionally been overlooked by both manufacturers and consumers."