There have been a number of unusual hacking techniques employed in Brazil recently. A group of hackers have used a “novel approach” to pull off a pharming attack by using phishing emails, as stated by security firm Proofpoint.
A pharming attack usually requires access to an ISP’s or organisation’s DNS servers, which are typically well-protected. However, home routers are not. Still, there is a matter of getting the right IP address of a user or group of users. This problem appears to have been solved with the help of 100 phishing emails targeting mostly Brazilian users, allegedly stated to come from Brazil’s largest telecommunications company.
“This case is striking for several reasons, not the least of which is the introduction of phishing as the attack vector to carry out a compromise traditionally considered purely network-based,” the company wrote, adding that it showed “the continued pre-eminence of email as the go-to attack vector for cybercriminals.”
The content of the emails has been said to have a malicious link which would redirect a user to a server that attacked their router, having it set up to exploit cross-site request forgery vulnerabilities in routers. A successful attack would have granted the hacker access to the router’s administration panel, where he could enter the default login credentials and change the router’s DNS. Victims could then be redirected to fraudulent websites, while hackers could even perform a man-in-the-middle attack, such as intercepting email, logins and passwords for websites, and hijacking search results, among other things.
Though some users change their login credentials once they set up their router, most users who are not well acquainted with technology might not, making them more vulnerable to attacks such as the above.
Thank you Computer World for providing us with this information