PayPal, Netflix, Gmail, and Uber users among targets in new wave of DNS hijacking attacks

The purpose of these attacks is to modify DNS settings in the routers to point to unauthorized webpages that skim user input data.


A user’s home router is his connection point to the Internet and, generally, does some of the DNS resolution work.

1. Kaspersky

I thought the Japanese translation was odd, but the English original was no good either. -- ToshinoriMaeno 2019-05-07 14:11:58

Marina Mash

Phishing without borders, or why you need to update your router, April 29, 2019 https://www.kaspersky.com/blog/hacked-routers-dns-hijacking/26802/

https://blog.kaspersky.co.jp/hacked-routers-dns-hijacking/23100/ (this translation is odd)

2. Original text

What is the most common threat across cyberspace these days? It’s still phishing — there’s nothing new under the sun. But today’s router-based phishing doesn’t require you to fall for a hoax e-mail message. In fact, you can follow a whole bunch of standard rules — avoid using public Wi-Fi, hover over links before clicking, and so forth — but in the situation we discuss here, those rules won’t help. Let’s take a closer look at phishing schemes that involve hijacked routers.

How routers end up being hijacked

In general, there are two basic ways to hijack a router.

The first approach is to take advantage of default credentials. You see, every router has an administrator password — not the one you use to connect to your Wi-Fi, the one you use to log in to the router’s administrator panel and to change its settings.

Although users can change the password, most leave it unchanged. And when we keep the default password set by a router’s manufacturer, outsiders can guess — or sometimes even Google — it.

The second approach is to exploit a vulnerability in a router’s firmware (of which there is no shortage) that allows a hacker to take control of the router without any password at all.

How hijacked routers can be exploited for phishing

After taking over your router, attackers modify its settings. It’s a tiny, unnoticeable change: They change the addresses of the DNS servers the router uses to resolve domain names. What does that mean, and why is it so dangerous?

Thing is, the DNS (Domain Name System) is the pillar of the Internet. When you enter a website address in your browser’s address bar, your browser doesn’t actually know how to find it, because browsers and Web servers use numerical IP addresses, not the domain names that humans are used to. So, the act of getting to a website looks like this:
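Separately from the quoted article, an added example (not from Kaspersky or this wiki) of a defender-side check for the changed-DNS-server symptom described above: it audits the resolvers a client has been given against the ones the network is supposed to use. The `EXPECTED` addresses, the function names and the sample `resolv.conf` text are assumptions constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use (documentation
# addresses stand in for the ISP's or the administrator's chosen DNS servers).
EXPECTED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "2001:db8::53/128")]

# Addresses that mean "the client asks a local box (usually the router)".
LOCAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()      # drop comments, tokenize
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]       # drop IPv6 zone id (%eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue                           # malformed entry, skip it
    return servers

def classify(addr, expected=EXPECTED):
    """expected / local-forwarder / unexpected for one resolver address."""
    if any(addr in net for net in expected):
        return "expected"
    if any(addr in net for net in LOCAL):
        # The client only sees the router; the upstream DNS servers must be
        # checked in the router's own settings page.
        return "local-forwarder"
    return "unexpected"

def audit(resolv_conf_text, expected=EXPECTED):
    """Map each configured resolver to its classification."""
    return {str(a): classify(a, expected) for a in parse_nameservers(resolv_conf_text)}

# Constructed sample input, not captured from a real host.
SAMPLE = """\
nameserver 192.168.1.1
nameserver 203.0.113.66   # constructed stand-in for a resolver nobody configured
nameserver 192.0.2.53
nameserver fe80::1%eth0
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(f"{server:15} {verdict}")
```

A `local-forwarder` result does not clear the router: the setting the article describes lives in the router itself, so the same comparison has to be made against the DNS fields in its administrator panel.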

MoinQ: DNS/hijacking/対象分類/ルーター (last edited 2023-09-16 04:55:05 by ToshinoriMaeno)