Threat attacks targeting home routers increased fivefold

In the first quarter of 2018, the number of cyber attacks against consumer-grade routers increased sharply, most of which were in fields such as education, construction, and biotechnology. The reason is that in our daily use, routers in these fields are highly concentrated and data transmission is intensive.

[[236064]]

Cyberattacks on consumer routers increased fivefold in the first half of the year

Attacks targeting routers have increased by 539% since the fourth quarter of 2017. The high number of attacks indicates that routers in some industries are frequently used and transmit a large amount of data. According to the investigation, cyber attackers are conducting cyber attacks by using legitimate Microsoft binaries, such as PowerShell and MSHTA, which are often used as tools to download and spread malicious code in the initial stage of malware infection.

According to the survey, MuieBlackCat and ZmEu scanners were among the most popular tools in the first quarter, as they are both used to find vulnerabilities in PHP-based web servers. Researchers said that threat actors also use OpenVAS and NMAP scanners as tools to search for vulnerabilities.

Hackers often use software that we use every day to attack

"The prevalence of brute force attacks and outdated exploit attempts means that highly automated, low-capability threats are flooding the Internet's traffic," researchers said in the report. Most attacks on consumer routers involved information-gathering scans and intrusion attempts. The total number of router intrusions increased by 36% compared to last year, largely due to the exploitation of DNS manipulation vulnerabilities in consumer routers.

At the same time, researchers also pointed out that while phishing attacks only accounted for a small portion of the total number of attacks observed, they maintained a fairly consistent success rate and often led to complete network compromise if not quickly resolved. Across all industries, phishing attempts increased by 39%, with the majority of attacks using DocuS transfers, Office 365 and OneDrive.

To prevent this attack, users are advised to log Powershell activity on the network, block Word document macros, tighten user permission settings, implement application whitelisting, and keep antivirus defenses up to date.