Hackers are targeting unpatched routers from Dasan and D-Link in a new wave of attacks. The attack saw a 3,000-device botnet target D-Link DSL-2750B and Dasan GPON routers. Threat intelligence company eSentire believes that the hackers were looking to expand their botnet. It published the details in a blog and a threat advisory.
The eSentire blog states: “A successful recruitment campaign has the potential to arm the associated threat actor(s) with DDoS artillery and facilitate espionage of private browsing habits. Botnets built using compromised routers may eventually be offered as a service to other threat actors, used for extorting DDoS victims among other uses.”
The attack targeted two known vulnerabilities on the Dasan GPON routers: CVE-2018-10561 and CVE-2018-10562. The D-Link DSL-2750B is also susceptible to command injection attempts that are part of the CVE-2018-10562 attack.
Both vulnerabilities were reported in May and there is, as yet, no official patch for either. A search on the Internet shows that vpnMentor issued an unofficial patch for the Dasan GPON routers in May.
Both of these CVEs are listed as being critical vulnerabilities. The impact of a successful attack:
- Allows unauthorized disclosure of information
- Allows unauthorized modification
- Allows disruption of service
What does this mean?
This is an attack on consumer-grade routers, so many corporate IT departments are likely to be unconcerned. However, with an increasing number of people working from home, the attack has implications for the enterprise. Compromised routers will allow the hackers to monitor traffic flowing across the router.
This is not just about remote workers. There is a risk to smaller third-party suppliers who may not be using expensive enterprise-grade routers. IT security teams should consider a warning to all sub-contractors, small third-party suppliers and home users. While there is no official patch, warning users could prevent a successful attack.
As hackers look to build botnets capable of launching large-scale DDoS attacks, they are increasingly going after consumer-grade technology in the home. Expect to see more attacks in the coming months.