<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>One of the <span>most recent </span>campaigns <span>highlighting</span> the importance of router security <span>is</span> Mirai <span></span>(The botnet that had large scale <span>attacks</span> by infected IoT devices)<span>.</span> <span>E</span>ven <span>before</span> this, reports emphasiz<span>e</span><span>d </span>the importance and vulnerability of these device<span>s</span>. For example,<span> Report by</span><span>&nbsp;</span><span>M</span>alware <span>R</span>esearcher<a href="http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html" target="_blank"><span> Kafeine</span></a> <span></span>revealed <span>the </span>use of <span>an </span>exploit kit aimed to exploit routers. Th<span>is</span> method <span>showed </span>Google Chrome users were redirected to a malicious server that loaded code designed to determine router models<span>.</span> <span>(</span><span>While</span> changing the DNS servers configured to the router<span>)</span></p> <!--more--> <p><span>Another </span>recent<span>ly</span> reported attack<span>, </span>targeted at routers <span>and</span> <span>initially </span>reported by<a href="https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/"> Kaspersky</a>, <span>resulted in </span>hijacking the DNS configured to the infected router. This campaign differs from <span> Kafeine</span><span>’s</span><span> because of</span> its initial step<span>:</span> <span>T</span>he <span>download</span> of the malicious app, containing the malware, to an android device by the user. These apps are imitations of well-known Chinese services<span>, </span><span>like</span> <span>B</span>aidu, <span>the </span>Chinese search engine. After the malware is downloaded, it executes a brute-force password <span>predicting</span> <span>the </span>attack on the router’s admin web interfac<span>e. I</span>f it succeeds<span>,</span> it changes the DNS servers configured in the exploited router.</p> <p><span>We</span> recommend chang<span>ing</span> <span>your router passwords </span>if <span>they are </span>similar to the passwords published<span> by </span><a href="https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/">Kaspersky</a><span>.</span></p> <p>Both ThreatSTOP IP Firewall Service and DNS Firewall Service customers are protected from <strong>Switcher</strong> <span>A</span>ndroid <span>M</span>alware if they enable the TS Critical targets in their policies.</p> <p><span>&nbsp;</span></p> <p><span></span><span>ThreatSTOP is proud to announce that </span><span>our DNS Firewall Service has</span><span> won the </span><span>2016 IoT Breakthrough Award</span><span> for IoT </span><span>Enterprise Security Innovation of the Year. </span><span>ThreatSTOP’s IP and DNS Firewall Services deliver scalable, security layers and actionable threat intelligence to existing devices, DNS Servers and firewalls. Read more about </span><span>Threa</span><span>t</span><span>STOP’s services and the IoT award</span> <span style="font-style: normal !msorm;"><em><span><a href="http://bit.ly/2hSVB25">here</a></span></em></span><span>.</span></p> <p>&nbsp;</p> <p>&nbsp;</p></span>
