Botnets are all over the news once again in IoT security. While botnet attacks target any vulnerable IoT endpoint device, most of the attacks seen lately have been on routers. The latest botnet attack compromised somewhere around 100,000 routers in Brazil. These botnets were able to modify router DNS settings, redirecting e-banking requests to 52 different phishing sites. It appears that the attackers accomplish this using three modules – Shell DNSChanger, Js DNSChanger, and PyPhp DNSChanger – whose names are all based on the programming languages in which they have been coded.
Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks.
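Because the redirection is selective, a defender can look for it by comparing what the router-assigned resolver returns with what a trusted resolver returns, for both banking names and unrelated control names. The following is an added example, not code from the reports cited here; it assumes the two answer sets have already been collected, and all function names, domains and addresses in it are constructed placeholders.

```python
from collections import defaultdict
from ipaddress import ip_address

def is_watched(domain, watchlist):
    """True if domain equals, or is a subdomain of, a watchlisted name."""
    d = domain.lower().rstrip(".")
    return any(d == w or d.endswith("." + w) for w in watchlist)

def audit_resolver(router_answers, reference_answers, watchlist):
    """Compare A records from the router-assigned resolver with a trusted one.

    A domain is mismatched when the router's resolver returns addresses that
    share nothing with the reference set (any overlap tolerates CDN rotation).
    """
    mismatched, by_target = [], defaultdict(set)
    for domain, ref in sorted(reference_answers.items()):
        got = {ip_address(a) for a in router_answers.get(domain, [])}
        want = {ip_address(a) for a in ref}
        if got and got.isdisjoint(want):
            mismatched.append(domain)
            for ip in got:
                by_target[str(ip)].add(domain)
    watched = [d for d in mismatched if is_watched(d, watchlist)]
    if watched and len(watched) == len(mismatched):
        verdict = "selective-redirect"  # only watched (banking) names diverge
    elif mismatched:
        verdict = "divergent"           # broad divergence: review manually
    else:
        verdict = "consistent"
    # One address answering for several unrelated names is a strong signal.
    shared = {ip: sorted(ds) for ip, ds in by_target.items() if len(ds) > 1}
    return {"verdict": verdict, "mismatched": mismatched, "shared_targets": shared}

# Constructed sample data: placeholder names, documentation address ranges.
WATCHLIST = {"bank-a.example", "bank-b.example"}
REFERENCE = {
    "www.bank-a.example": ["192.0.2.10", "192.0.2.11"],
    "login.bank-b.example": ["198.51.100.20"],
    "news.example": ["198.51.100.80"],
}
ROUTER = {
    "www.bank-a.example": ["203.0.113.66"],
    "login.bank-b.example": ["203.0.113.66"],
    "news.example": ["198.51.100.80"],
}

if __name__ == "__main__":
    print(audit_resolver(ROUTER, REFERENCE, WATCHLIST))
```

A "selective-redirect" verdict means only the watched names diverge while the control names still resolve normally, which is the pattern described above; the router's configured DNS servers are then the first thing to inspect.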
Around 88% of these routers are located in Brazil, and the campaign has been raging since at least mid-August when security firm Radware first spotted something strange.
But according to a new report published last week by Chinese cyber-security firm Qihoo 360, the group behind these attacks has stepped up its game.