
A new critical vulnerability has been discovered that is affecting Linksys home routers

Linksys wireless users were forced to reset their passwords after a researcher discovered a critical software vulnerability in March 2020.

Linksys routers are being targeted in a cyber attack that changes the router config. The config change redirects the user to a coronavirus website that downloads malware.

Attackers are exploiting a vulnerability in the Linksys Home Smart Wi-Fi application. The Linksys Home Smart Wi-Fi application is a password-protected webpage that allows customers to easily manage their Wi-Fi and router settings. Attackers can gain access to the Linksys Smart Wi-Fi account with a credential-stuffing attack.

Once an attacker has gained access to the router, the attacker can change the DNS routing function so that victims are redirected to any malicious website of the attacker's choosing.
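A defender-side check for the DNS change described above, as an added example that is not part of the original post: it parses resolv.conf-style text from a device on the network and flags nameservers outside an expected set. The trusted resolver list, the sample file content and the function names are assumptions for illustration.

```python
import ipaddress

# Assumption: the resolvers this network is meant to use
# (router LAN address plus the upstream resolvers the owner chose).
TRUSTED_RESOLVERS = {"192.168.1.1", "1.1.1.1", "9.9.9.9", "2606:4700:4700::1111"}

# Constructed sample: resolver config on a client after the router's DNS setting changed.
SAMPLE = """\
# generated by DHCP client
nameserver 203.0.113.53
nameserver 192.168.1.1
nameserver 127.0.0.53
nameserver 2606:4700:4700::1111
nameserver not-an-ip
search lan
"""

def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            valid.append(ipaddress.ip_address(addr))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed

def audit_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Sort configured nameservers into ok / unexpected / local_stub / malformed."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    valid, malformed = parse_nameservers(text)
    report = {"ok": [], "unexpected": [], "local_stub": [], "malformed": malformed}
    for ip in valid:
        if ip in trusted_ips:
            report["ok"].append(str(ip))
        elif ip.is_loopback:
            # A local stub resolver hides the real upstream; check that separately.
            report["local_stub"].append(str(ip))
        else:
            report["unexpected"].append(str(ip))
    return report

if __name__ == "__main__":
    for category, entries in audit_resolvers(SAMPLE).items():
        print(f"{category}: {entries}")
```

An entry under `unexpected` is a reason to log in to the router, compare its DNS setting with what you configured, and reset the account password if they differ.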

 

Linksys is notifying customers about the flaw and forcing customers to reset their router passwords.

Unprecedented spike in cyber-attacks hits SA since the country went into a lockdown

South Africa has seen an unprecedented rise in cyber-attacks on IT infrastructure since President Cyril Ramaphosa initiated a countrywide lockdown.

Attacks increased tenfold, from about 30,000 devices affected daily before the announcement to up to 305,000 devices in the days that followed.

According to Maher Yamout, a senior security researcher for Kaspersky, the attacks varied; however, up to a third were brute-force attacks, in which attackers attempt various password combinations to penetrate an account or system.

Kaspersky reiterated several security tips, including using strong passwords, not sharing passwords, avoiding unprotected or public Wi-Fi, and making use of multi-factor authentication where possible.

“In reviewing this spike, it certainly reinforces the need to institute critical security measures for remote working strategies, to ensure effective protection,” said Yamout.

Law firm Cliffe Dekker Hofmeyr has advised companies to adopt an information security policy and ensure that employees adhere to it. It advised that employees, among others, use VPNs, steer clear of suspicious links or e-mails, and refrain from sharing documents or confidential information on public platforms.

Furthermore, we at MDM Technologies recommend keeping your system and device software up to date, testing for misconfigurations and putting a vulnerability management solution in place. To contribute back to society in fighting the Covid-19 outbreak, we are offering clients a free vulnerability assessment, keeping companies safe from hackers exploiting the Covid-19 outbreak.

The South African Banking Risk Information Centre (Sabric) has also advised South Africans to be vigilant as it expects attacks to increase. These attacks, said Sabric, ranged from malicious websites and spam e-mails to phishing scams and fake charities, as well as internal communications.

 “These new scams include spoofed e-mails offering products such as masks, or fake offerings of vaccines, leading to phishing websites,” Sabric said in a statement.

Kaspersky said it believed the spike indicated cybercriminals may have turned their focus to Southern Africa given the current circumstances. It warned that remote working presented an opportunity for cybercriminals, especially against those who do not have adequate security measures in place.