DNS Hijacking Threatens Remote Employees

by Sarah Harvey / April 3rd, 2020

In a recent discovery by Bitdefender, new router DNS (Domain Name System) hijacking attacks have been targeting home routers and redirecting victims to fake coronavirus pages. These attacks have focused on leading people to download applications that are infected with Oski malware. The malware has the ability to extract browser credentials, cryptocurrency wallet passwords, and other valuable information. In a time where many employees are working remotely from home offices, this attack is an even bigger threat to organizations. Without proper secure remote access protocols in place, you’re leaving your employees vulnerable to vicious attacks.

The Attack Explained

Hijacking traffic is possible because hackers are searching for vulnerabilities and brute forcing passwords to gain access to routers’ DNS settings. A brute force attack is a simple method of using bots to guess potential passwords until access is granted. According to Bitdefender and Bleeping Computer, the attacks are targeting both Linksys and D-Link routers. Once the DNS settings are changed, the hackers can redirect victims to any webpage. The false coronavirus webpage involved in this attack claims to share a message from the World Health Organization. Since the domain name looks legitimate, victims can be easily fooled by this attack.

Once the victim opens the file on the webpage, they download the malware and their valuable data can be stolen. Reports claim the attack began on March 18 and, as of March 26, has targeted at least 1,193 victims in the U.S., Germany, and France. As more and more organizations migrate to remote work, the likelihood these attacks will grow in number is high.

What This Means for Remote Security

The Founder and President of KirkpatrickPrice, Joseph Kirkpatrick, when discussing this hack, said, “This is an example of why remote access security is so important right now. Attackers are hitting the soft targets: home routers.” You need to protect your remote employees from the threats that are exploiting vulnerabilities in their own homes. Home routers are more vulnerable than corporate networks because they tend not to follow the same security protocol.

Eventually, the malware on remote devices can find other access points into your network. Your remote employees could potentially be the host for a threat to steal data from your organization. Do you have a secure remote access plan in place to combat these threats? Does it involve the implementation of controls that will mitigate vulnerabilities and prevent attacks such as the DNS hijacking we’ve seen recently? To test your remote access plan, contact KirkpatrickPrice, today!