SANS INTERNET STORM CENTER ANALYSES SPREAD OF ROUTER ATTACKS IN ME
Johannes Ullrich, Dean of Research at SANS Institute
and founder of the Internet Storm Center, discusses the
cybersecurity risk to routers and the trends his team
has seen in the Middle East.
These days, any unprotected or inadequately
protected device exposed to the Internet is at risk of
attack from cybercriminals. This includes
routers that businesses and individuals
alike use to connect to high-speed
Internet connections, either via DSL or
wireless (LTE). These are a popular and
frequent target of attackers, since they
are often easily attacked via exposed
administrative control panels.
Once an attacker gets access to a
device, the owner is less likely to
notice the infection than on a desktop
computer. Desktop computers usually
have anti-virus installed to warn the
user about malicious code, and the
performance impact of malware is more
likely to be noticed.
An infected router can easily be used
to intercept traffic from the network or
to inject malicious content into traffic
passing through the router. For example,
an attacker can then wait until a user
downloads an update and replace the
update with malicious code.
Working in collaboration with DShield.org,
SANS Internet Storm Center (SANS
ISC) has been collecting reports from
the routers of a large global network of
volunteers since 2001 to analyse and
provide early detection of specific attacks.
"Cybercriminals can use the access they have gained to these devices to then intercept traffic passing through it."
Johannes Ullrich, Dean of Research at SANS Institute and founder of the Internet Storm Center
These volunteers operate sensors
on their routers that detect unwanted
traffic directed at these sensors. Ever
since 2001, we have seen that a large
percentage of these scans originate from
compromised systems that are used by
cybercriminals to find new victims.
Indeed, by analysing this data over
the last few years, the SANS ISC has
observed the rapid spread of botnets
like Mirai and Satori. These botnets seek
to connect to unprotected Internet of
Things devices – like security cameras
and digital video recorders that are
exposed on the Internet – and to then
infect them.
They also attack unprotected routers.
More recently, widespread attacks
Issue 03 | www.intelligentciso.com