Cisco routers threatened by drive-by pharming

By Bill Brenner, Senior News Writer 21 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Symantec and the university said millions of broadband users are at risk for a new kind of attack called drive-by pharming, which targets password weaknesses in the victim's router. Cisco released its own advisory saying that 77 of its routers are susceptible to the attack.

"To help mitigate the risks associated with the type of attack presented in the Symantec paper, Cisco recommends that any default credentials shipped with the device (username/password combinations) be completely removed," the company said.

Router related security: How to protect against port scans Router Expert: Why you need a network services audit What tools can limit users' acess to applications and network resources?

Zully Ramzan, senior principal researcher for Symantec Security Response, said last week that the threat is greatest for those who don't change their default passwords after using them to bring the router online. According to an informal study by Indiana University, up to 50% of home broadband users fail to reset the password after installing their router.

"What worries me if that it's so simple for people to fall for this kind of attack," Ramzan said. "Most people connect to the Internet through broadband today, but they don't adequately protect their routers."

Attackers use this technique by luring the victim to a malicious Web site. Once the user is on that site, the attacker is able to use JavaScript to change the DNS settings on the router.

"This gives the attacker complete discretion over which Web sites the victim visits on the Internet," Ramzan said. "For example, the user may think they are visiting their online banking Web site but in reality they have been redirected to the attacker's site."

Such fraudulent sites are an almost exact replica of the actual site so the user won't likely notice the difference. Once the user is directed to the pharmer's "bank" site and enters their user name and password, the attacker can steal the information and access the victim's account to transfer funds, create new accounts and write checks.

While the threat affects mostly home users, Ramzan said enterprise environments are also at risk.

"A lot of people take their laptops home and work off their home router," he said. "One of the ways people break into networks is by stealing credentials from a compromised laptop."

His advice to users is to reset their router passwords at least once -- the day it is hooked up to the home or office computer system. If the password is changed every few months, that's even better.

Tags: Wireless LAN Design and Setup,  Network Firewalls, Routers and Switches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Wireless LAN Design and Setup Wireless network guidelines for PCI DSS compliance Best Wireless Security Products How to prevent wireless DoS attacks Lesson 4 quiz: How to use wireless IPS Wireless intrusion prevention systems: Overlay vs. embedded sensors Rogue AP containment methods How to monitor WLAN performance with WIPS The role of VPN in an enterprise wireless network Wireless AP placement basics Lesson 3 quiz: Who goes there? Wireless LAN Design and Setup Research Network Firewalls, Routers and Switches How to prepare for a secure network hardware upgrade Best Network Firewall Products What is the difference between static and dynamic network validation? Screencast: Smoothwall offers firewall defense in lean times New Cisco IOS bugs pose tempting targets, says Black Hat researcher How to implement virtual firewalls in a complex network infrastructure How to manage network bandwidth with distributed ISP bandwidth Firewall rule management best practices Should enterprises be running multiple firewalls? What are the disadvantages of proxy-based firewalls?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary evil twin  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary