Latest news with #GreyNoise

Brute-Force Router Login Attacks Confirmed — What You Need To Know

Forbes

3 days ago

  • Politics

AyySSHush campaign targeting thousands of routers confirmed.

Thousands of routers worldwide have been targeted by a sophisticated campaign that leverages a two-year-old vulnerability, authentication flaws, and brute-force attacks. The researchers who uncovered the AyySSHush attacks have suggested it is likely the work of a nation-state threat actor. Here's what you need to know.

The as-yet-unidentified threat actors behind the AyySSHush campaign have targeted routers from major manufacturers, with at least 9,000 ASUS router models known to have already been compromised, using a stealthy and persistent backdoor that can survive firmware updates and reboots.

State-sponsored hacker groups are known to have been behind everything from Windows password-stealing attacks to targeting presidential political campaigns and even ransomware attacks against predominantly Western targets. Espionage, however, is one of the primary drivers of these hackers working in tandem with government resources. And what better way to get a data eavesdropping foothold than to compromise a router?

Researchers at GreyNoise have reported just such a sophisticated compromise campaign, one that is said to be consistent with advanced persistent threat actors. Although GreyNoise cannot attribute it to a specific group at this point in time, 'the level of tradecraft suggests a well-resourced and highly capable adversary,' the report stated.

Although the GreyNoise research has confirmed that at least 9,000 ASUS routers have been compromised to date, and the number is increasing all the time, it has been reported that routers from other major vendors such as Cisco, D-Link, and Linksys have also been targeted by AyySSHush.

The researchers explained that attackers gain initial access through brute-force login attempts, along with authentication bypass techniques that exploit known vulnerabilities that owners have yet to patch. They then insert a public key that is under their control for remote access. While no malware is installed, the backdoor itself 'is stored in non-volatile memory and is therefore not removed during firmware upgrades or reboots,' GreyNoise warned. I have reached out to ASUS for a statement.

'Even something as mundane as a router becomes a strategic asset once it gains long-term identity in a threat actor's infrastructure,' Wade Ellery, field chief technology officer at Radiant Logic, said. Which is why, at the organizational level at least, real-time identity-aware telemetry across all assets, including those routers, is essential.

Debbie Gordon, CEO at Cloud Range, meanwhile, warned that the campaign highlighted a dangerous shift in attacker strategy from quick hits to long-haul persistence. 'AyySSHush's ability to survive factory resets and firmware updates is a wake-up call,' Gordon said, 'edge devices like routers are no longer low-value targets.' With both SoHo and consumer routers targeted by this latest attack, routers can no longer be treated as set-and-forget devices.

Urgent WiFi warning as 1,000s of top-brand routers hacked in mystery attack that drags your internet into crook's ‘army'

The Sun

3 days ago

  • General

Douglas Simpson

EXPERT analysts have discovered a massive hack affecting Wi-Fi routers with thousands already compromised. Analysts who uncovered the hack said it has already impacted over 9,000 devices and is still ongoing.

So far only Asus routers have been hit by the hackers, who seem to be adding the devices to their "army" after gaining control. It remains unclear what the internet crooks intend to do with the nearly 10,000 routers they have gained control over.

The hack was detected by an AI system known as "sift" in March, which led analysts to investigate. Working for cybersecurity platform GreyNoise Enterprise, which designed the AI, analysts quickly identified and named the hack. The firm collects and analyses Internet-wide scan and attack data to provide insights into potential threats. The attack has been dubbed "ViciousTrap" by security experts who are monitoring the ongoing situation.

Attackers stealthily accessed the routers over a period of time, with their access seemingly immune to reboots and firmware updates. This gives the hackers control over the affected devices that is hard to block or remove. Despite the hack being identified, the number of devices being affected is still rising, indicating that the hack has not been stopped. Experts have said the hack is essentially invisible, with little to no trace that devices have been affected.

The reason why the attackers are building their army of routers is still a mystery. Asus has addressed the weaknesses that initially granted the hackers access to their routers.

How to stay safe from hackers

  • Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
  • Use multi-factor authentication to reduce the impact of password compromises.
  • Tell staff how to report suspected phishing emails, and ensure they feel confident to do so; investigate their reports promptly and thoroughly.
  • Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.
  • Prevent and detect lateral movement in your organisation's networks.

A GreyNoise report on the hack said: "The techniques used reflect long-term access planning and a high level of system knowledge." Government authorities were notified of the hack shortly after it was discovered.

Routers are always exposed to the Internet and move significant amounts of highly valuable data, making them actively sought-after targets for hacks.

Experts are recommending performing a complete factory reset on Asus routers that may be affected. Following the reset, experts are urging users to update their router firmware and reconfigure their devices manually. Updating routers to the latest firmware from or after May 27 can protect unaffected routers from falling victim to the hack and help remedy already affected routers.

No source for the hack or a reason behind it has been identified yet.

Thousands of Asus Routers Have Been Hijacked, But I Wouldn't Panic Just Yet

CNET

4 days ago

  • Business

Your Asus Wi-Fi router may have been hacked, according to a new blog post from the cybersecurity firm GreyNoise. As of May 27, over 9,000 Asus routers have been confirmed compromised in what the firm characterizes as an 'ongoing exploitation campaign.'

GreyNoise has been tracking the attack since Mar. 17. In the months since, they've only seen 30 requests related to the attack, which indicates how quietly the campaign is operating. The attackers have maintained access to affected routers even after reboots and firmware updates, 'giving them durable control over affected devices,' the blog post says.

While that sounds pretty scary, you probably don't need to replace your router just yet. Your personal data isn't the target in attacks like these. Instead, the attacker uses infected devices as pawns in a larger game.

'These compromised IoT devices, like smart cameras or a router, have enough computational power that you can use networks of tens of thousands of them to do a denial of service attack,' Yuvraj Agarwal, a computer science professor at Carnegie Mellon, told CNET.

He compared it to the infamous Mirai botnet attack from 2016 that temporarily took down websites like Twitter, Netflix, Reddit and Pinterest.

'It's not trying to compromise your laptop or your iPhone, right? That's not what it's doing,' Agarwal added. 'Users would have to ignore a few different safeguards for them to be vulnerable to somebody stealing their credentials.'

GreyNoise didn't say exactly where it thinks the attack is coming from, but did note that 'the level of tradecraft suggests a well-resourced and highly capable adversary.' The Cybersecurity and Infrastructure Security Agency (CISA) has named China, Russia, North Korea and Iran as likely actors in similar attacks in the past.

Few Wi-Fi routers have been immune to such breaches. CISA keeps a list of Known Exploited Vulnerabilities (KEV) that have been observed in the wild, and almost every router manufacturer appears on there somewhere.

'We find stuff in everything,' said Thomas Pace, CEO of cybersecurity firm NetRise and former security contractor for the Department of Energy, in a previous interview.

'The problem with the CISA KEV [list] is, if everything's on the list, how good is that list?' Pace added. 'Basically, every telecommunications device on the planet has at least one vulnerability on the CISA KEV.'

While it first observed the attack in March, GreyNoise said it waited until now to release its findings so it could coordinate with government and industry partners.

A representative for Asus declined CNET's request for comment on this story and referred me to their product security advisory page for the latest updates.

What to do if you own an Asus router

In most attacks, the router manufacturer can issue a firmware update that fixes the vulnerability. But in this case, the attackers exploited a security flaw that allows them to retain backdoor access even after reboots and firmware updates.

'Because this key is added using the official ASUS features, this config change is persisted across firmware upgrades,' GreyNoise noted in another post. 'If you've been exploited previously, upgrading your firmware will NOT remove the SSH backdoor.'

The steps you'll need to take to find out if your router has been compromised -- and potentially fix it -- are fairly technical, so bear with me here.

  • Log into your router's firmware. You can do this via the Asus app or by going to
  • Find the "Enable SSH" option under Service or Administration settings.

If your router was breached in this campaign, these settings will show that someone can log into it using SSH over port 53282 with a truncated SSH public key of:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ...

If your router hasn't been infected, your next step will be to update the firmware immediately. Asus fixed the flaw with its latest update, which should take care of it.

If your router has been infected, the backdoor will still be there even if you update the firmware. In that case, you'll need to follow these steps to block unauthorized access:
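
The check described above (SSH enabled on port 53282 with a key that starts with the listed prefix), as an added example that is not part of the CNET article or GreyNoise's tooling. It assumes the SSH settings have been copied out of the router's admin page by hand; the function names and the sample keys are hypothetical and constructed for illustration.

```python
"""Added example: flag the two indicators the article names in SSH settings
copied from a router's admin page (port 53282, attacker key prefix)."""

IOC_PORT = 53282
# Only the prefix printed in the article; the full key is truncated there.
IOC_KEY_PREFIX = "AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ"
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")


def parse_authorized_keys(text):
    """Yield (key_type, base64_blob, comment) for each key line.

    Skips blanks and comments, and tolerates a leading options field
    (e.g. 'no-pty ssh-rsa AAAA... label')."""
    for raw in text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                yield field, fields[i + 1], " ".join(fields[i + 2:])
                break


def audit_ssh_settings(ssh_enabled, port, authorized_keys):
    """Return a list of findings; an empty list means neither indicator matched."""
    findings = []
    if ssh_enabled and int(port) == IOC_PORT:
        findings.append(f"SSH enabled on campaign port {IOC_PORT}")
    for key_type, blob, comment in parse_authorized_keys(authorized_keys):
        if key_type == "ssh-rsa" and blob.startswith(IOC_KEY_PREFIX):
            findings.append(f"authorized key matches campaign prefix (label: {comment or 'none'})")
    return findings


# Constructed sample input: the blob is the article's prefix plus filler, not a real key.
SUSPECT_KEYS = (
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedOwnerKey owner@laptop\n"
    f"no-pty ssh-rsa {IOC_KEY_PREFIX}CONSTRUCTEDFILLER==\n"
)
CLEAN_KEYS = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedOwnerKey owner@laptop\n"

if __name__ == "__main__":
    for finding in audit_ssh_settings(True, "53282", SUSPECT_KEYS):
        print("FINDING:", finding)
    print("clean router:", audit_ssh_settings(True, 22, CLEAN_KEYS))
```

An empty result only means these two indicators were not found in the settings supplied; it does not rule out other changes to the device.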

Weekly UAE museum and gallery guide: From art inspired by Emirati heritage to one created from chicken wings

The National

27-02-2025

  • Entertainment

This week's round-up of exhibitions is filled with artworks crafted from unexpected objects. From a satirical reflection of the fast-paced lifestyle in a contemporary city to a porcelain tribute to a work by the 13th century poet Rumi, here are three exhibitions to see this week.

Lantian Xie is an artist who has a penchant for producing artworks that use unconventional materials to reflect upon experiences in a contemporary city. His newest exhibition at Grey Noise can be seen as a critique of the daily bustle in a fast-paced city, whether it's the anxiety of manoeuvring traffic, stopping at a gas station for food and fuel, or even taking on the city by foot. The exhibition features a panoply of objects that aren't traditionally used to create art: from chicken wings to a shirt and shorts. The centrepiece of the exhibition is a video that draws from Mass Traffic, a book that Xie wrote with Sabih Ahmed, featuring sequences of texts that reflect upon the speed of daily life in contemporary urban environments.

Tuesday to Saturday, 11am-7pm; until March 29; Grey Noise, Dubai

Melis Buyruk's exhibition at Leila Heller Gallery draws inspiration from the story of the four birds that is found in the fifth book of Rumi's Masnavi. Each of the birds in the story represents a facet of the human condition, including desire, fear, attachment and the yearning for freedom. Buyruk uses porcelain to materialise these concepts. Among the works is a series of four oval frames that feature floral designs embodying the qualities represented by the birds.

Monday to Friday, 10am-7pm; Saturday, 11am-7pm; until March 9; Leila Heller Gallery, Dubai

Reflections and Inspiration from Emirati Heritage came about as a collaboration between Sharjah Heritage Museum and University of Sharjah's College of Fine Arts and Design. The exhibition opened in November 2023 and, after more than a year of being on show, it will soon draw to a close. Students from the college reflect upon elements in UAE heritage designs across dozens of unique works, bringing a refreshed look to these traditional motifs. Patterns found in traditional handicrafts like Sadu and Talli are rendered with vibrant paintings and sculptures. There are also works that reimagine the heritage elements in modern fashion designs.

Saturday to Thursday, 8am-8pm; Friday, 4pm-8pm; until April 15; Sharjah Heritage Museum, Sharjah
