Here at The Defence Works, we’re often asked to provide our input on breaking news. This week has been no different, with Forbes reaching out to us in light of the breaking D-Link Home Routers hijacking news story – to offer some practical, easy-to-understand tips on how to secure your home router.
What is DNS Hijacking?
DNS hijacking is a serious matter.
If the router is hacked – and the DNS settings are modified – then the cyber-criminals can effectively direct your normal traffic to malicious servers, meaning instead of visiting a clean site, you’ll be visiting a compromised one.
Safe to say, this will result in your privacy being compromised and could lead to a host of serious issues, including identity theft and the capture of sensitive information such as banking details.
What’s been kicking off?
Forbes reported on a spate of recent attacks targeting home routers, according to security researchers at Bad Packets. The researchers identified three waves which took place between December last year and the end of March this year. In particular, specific models of routers have been targeted, as detailed further in the Forbes article.
Securing your home router
As the Forbes article details, “this type of attack is becoming more prevalent”, and article contributor Jake Moore (cybersecurity expert at ESET) commented:
“Typically, routers are forgotten about in the home. Patches are sent out routinely and are available for a reason. People tend to leave router and admin passwords default so when it comes to system patches, they are obsolete from the start”.
Securing your router doesn’t need to be a mammoth task and there are some easy steps to take to help mitigate the risk:
- First things first, check if your router has been compromised already. You can make use of some of the free resources to help check if your router has any signs of DNS hijacking (F-Secure provide a free tool that can assist). The rogue DNS servers in this campaign are/were 66.70.173.48, 144.217.191.145, 195.128.126.165 and 195.128.124.131 – so if the router’s settings appear to have been tampered with, it’s important to change them to one of the legitimate, public DNS resolvers.
- Change the default admin username and password for your router – every cyber-criminal worth their salt knows the factory defaults for devices, so be sure these have been changed as a matter of priority.
- The usual firmware update advice applies here – make sure the router’s software is updated as new versions are made available, as these often contain important security patches.
- It’s important, as always, to avoid clicking on any suspicious links, whether that be via email or on social media and keep your eyes peeled for any websites that might be untrustworthy.
- Stay alert – if you’re accessing a website you’re familiar with, keep an eye out for unusual pop-ups or anything that seems out of place.
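For the first step above, the resolvers a computer has been handed can be compared against the four rogue addresses listed. The following is an added example, not code from the Forbes article or Bad Packets; it assumes resolv.conf-style input (Linux/macOS), and the sample text and function names are constructed for illustration.

```python
import ipaddress

# Rogue DNS servers named in the article for this campaign.
ROGUE_DNS = {ipaddress.ip_address(a) for a in (
    "66.70.173.48", "144.217.191.145", "195.128.126.165", "195.128.124.131")}


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Strip comments ('#' or ';') before looking at the directive.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # ignore malformed entries
    return servers


def classify(server):
    if server in ROGUE_DNS:
        return "ROGUE"
    # A local address usually means the router itself answers DNS, so the
    # upstream servers must be checked on the router's admin page instead.
    if server.is_loopback or server.is_private or server.is_link_local:
        return "LOCAL_FORWARDER"
    # "PUBLIC" only means "not on the article's list", not "verified safe".
    return "PUBLIC"


def audit(resolv_conf_text):
    return [(str(s), classify(s)) for s in parse_nameservers(resolv_conf_text)]


# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# Generated by DHCP client (constructed sample)
nameserver 192.168.0.1
nameserver 195.128.124.131   # pushed by the router
nameserver fe80::1%eth0
search home
"""

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE):
        print(f"{addr:<20} {verdict}")
```

A LOCAL_FORWARDER result is the common case on home networks and says nothing about the router's own upstream DNS setting, which still has to be read from the router's configuration page.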
You can read the full Forbes article here.