Attackers Target Home Routers with DNS Hijacking

Hackers have been breaking into home routers to change DNS server settings and hijack the traffic to redirect it to malicious sites, according to Troy Mursch, security researcher for Bad Packets. Researchers have detected different types of attacks that are targeting consumer routers, all of which were reportedly traced back to hosts on the Google Cloud Platform (AS15169) network. Mursch detailed three different waves of findings, which started in December 2018. In the most recent wave, discovered on March 26, “attacks came from three distinct Google Cloud Platform hosts and targeted additional types of consumer routers not previously seen before.” According to Mursch, determining the scope and scale of these attacks is virtually impossible unless researchers use the tactics employed by the malicious actors. “We have suspended the fraudulent accounts in question and are working through established protocols to identify any new ones that emerge. We have processes in place to detect and remove accounts that violate our terms of service and acceptable use policy, and we take action on accounts when we detect abuse, including suspending the accounts in question. These incidents highlight the importance of practicing good security hygiene, including patching router firmware once a fix becomes available," wrote a Google Cloud spokesperson.