This newly reported mass compromise is the latest in a series of large-scale attacks against home routers that have been uncovered recently. Aside from the online banking attacks in Poland, security researchers also discovered a worm infecting Linksys routers. Recent vulnerabilities in ASUS routers also left thousands of USB-attached hard drives exposed to remote access from the Internet.
"Our research indicates that threats to routers will continue to increase as malicious actors recognize how much information can be gained by attacking these devices," said Craig Young, a security researcher at Tripwire, via email.
Tripwire's research team found security vulnerabilities in 80 percent of the top 25 best-selling SOHO wireless router models available on Amazon.com, according to Young.
"Of these vulnerable models, 34 percent have publicly documented exploits that make it relatively simple for attackers to craft either highly targeted attacks or general attacks targeting every vulnerable system they can find," the researcher said.
Both Young and the Team Cymru researchers advise users to disable remote management over the Internet on their routers and to keep their firmware up to date. If remote administration is absolutely necessary, steps should be taken to restrict remote access to only particular IP addresses. Other recommendations include: changing the default passwords, not using the default IP address ranges for a LAN, logging out every time after accessing the router interface, checking the router's DNS settings frequently to ensure they haven't been modified, and using SSL (Secure Sockets Layer) to access the router's Web interface if the option is available.
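The DNS check recommended above can be automated from a client machine. The following is an added example, not code from the article or the researchers quoted: it compares the resolvers a client received against a known-good baseline. It assumes the router hands its configured DNS servers to clients over DHCP into a resolv.conf-style file; the sample file, baseline addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of the resolver file a DHCP client writes (documentation-range IPs).
SAMPLE_RESOLV_CONF = """\
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   # not in the baseline
nameserver 198.51.100.10
nameserver not-an-ip
"""

# Assumed baseline: the resolvers you deliberately set on the router.
EXPECTED = {"198.51.100.10", "198.51.100.11"}

# LAN and loopback ranges: a resolver here is a local forwarder.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit(text, expected):
    """Sort each configured resolver into ok, local, unexpected or invalid."""
    report = {"ok": [], "local": [], "unexpected": [], "invalid": []}
    baseline = {ipaddress.ip_address(e) for e in expected}
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            report["invalid"].append(raw)
            continue
        if addr in baseline:
            report["ok"].append(raw)
        elif any(addr in net for net in LOCAL_NETS):
            # Often the router itself: check its upstream servers in its own interface.
            report["local"].append(raw)
        else:
            report["unexpected"].append(raw)
    return report

if __name__ == "__main__":
    for status, servers in audit(SAMPLE_RESOLV_CONF, EXPECTED).items():
        print(f"{status:10} {', '.join(servers) or '-'}")
```

An entry under `unexpected` is a public resolver nobody on the network chose and is the case to investigate; an entry under `local` only shows that the router is forwarding queries, so its upstream DNS setting still needs to be read from the router itself.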