30K Wireless Routers Attacked
In mid-December 2013, cyber criminals targeted over 30,000 wireless routers in India, altering the configuration of these devices in order to redirect the victims’ requests and subsequently replacing the devices’ settings with IP addresses and domains controlled by the attackers.
By bringing one router under control, attackers can redirect traffic for every device in that network.
Team Cymru’s intelligence services, which unearthed the issue in January 2014, said over 3 lakh devices worldwide were compromised by attackers in Europe and Asia.
The highest number of compromised devices is in Vietnam, followed by India, Italy and Thailand. The affected routers were both small-office and home-class devices that provided Wi-Fi connectivity, local DNS and DHCP services to customers and were not using default passwords.
Team Cymru said they have informed law enforcement agencies regarding the attack, though no response has been received so far.
The threat analysis of the attack revealed that devices vulnerable to simple password guessing and having graphical user interfaces were attacked in order to compromise, and steal data from, all the systems connected to the router. Investigators said it was done by injecting a null password into the devices’ web interface.
Examining the attacks in Poland, the intelligence service cited a CERT Poland report suggesting that banking customers were being targeted, using a similar modus operandi, while connecting to Polish banking websites.