A sophisticated piece of malware has been hijacking internet traffic through compromised routers and gateway devices for years without people noticing.
When we think about cyberattacks, our first thought is of an attack on a PC. While this is probably the most common example of a cyberattack, it’s not the only attack method. And the DKnife malware is the perfect example of this. Targeting routers and network gateways – which help connect you to the internet – the DKnife malware does things differently. Once it’s taken control of routers and gateways, it can quietly monitor and manipulate online traffic without causing any obvious signs of trouble.
DKnife has been active in the digital wild for several years now and underlines an important lesson in online security.
How Did the DKnife Attack Unfold?
The attack typically began with hackers gaining access to a vulnerable router or network gateway, usually one which was outdated or using weak (even default) login details. Once the attackers established a foothold, they installed the DKnife malware directly onto the device. With this in place, they had a permanent entry route into the network. This made the router an active part of the attack, watching and recording all the internet traffic passing through it.
Once a PC connected to the compromised network, the infection could spread with ease and without causing any suspicious activity. When the victim downloaded software updates, opened websites, or logged into online platforms, the router harvested this data in real time. The data was then transmitted to a remote server. In certain cases, genuine downloads were stealthily swapped out for malicious ones. Again, this ensured malware was installed without raising any alarms.
The genius of this attack was that DKnife wasn’t installed directly on the victim’s PC. Therefore, no matter how effectively that PC was scanned for viruses, or even replaced altogether, the infected router was able to continue its malicious campaign in peace. This persistence meant a single network device could, due to its weak security, be converted into a long-term infection point for any PC which connected to it.
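The download-swapping described above works because the bytes you receive are controlled by a device in the path. The standard defence is to check each download against a digest published out of band (for example on the vendor's release page), which a router in the middle cannot rewrite. The following is an added example written for this page, not code from the article or from any vendor: it parses a SHA256SUMS-style manifest and verifies a download against it. All sample bytes, the manifest and the filename are constructed for the demonstration.

```python
# Added example (not from the original article): verifying downloads against
# digests published out of band, so a device in the network path that swaps
# the bytes is caught before anything is installed.
import hashlib
import hmac

# Constructed sample data: what the vendor really published.
GENUINE_UPDATE = b"setup-v1.2.3 genuine installer bytes"
# Constructed sample data: what a tampering middlebox might hand back instead.
SWAPPED_UPDATE = b"setup-v1.2.3 trojaned installer bytes"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A SHA256SUMS-style manifest, obtained separately from the download itself.
# Constructed here from the genuine bytes so the example is self-contained.
MANIFEST_TEXT = f"{sha256_hex(GENUINE_UPDATE)}  setup-v1.2.3.exe\n"


def parse_manifest(text: str) -> dict[str, str]:
    """Parse 'hexdigest  filename' lines (the sha256sum format) into a dict."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"manifest line {lineno} is malformed: {line!r}")
        digest, filename = parts
        # sha256sum marks binary-mode entries with a leading '*'
        expected[filename.lstrip("*")] = digest.lower()
    return expected


def verify_download(filename: str, data: bytes, manifest: dict[str, str]) -> bool:
    """True only if the bytes match the digest published for this filename."""
    if filename not in manifest:
        return False  # no published digest: refuse rather than trust blindly
    actual = sha256_hex(data)
    # constant-time comparison, so the check itself leaks nothing about the digest
    return hmac.compare_digest(actual, manifest[filename])


if __name__ == "__main__":
    manifest = parse_manifest(MANIFEST_TEXT)
    for label, blob in (("genuine", GENUINE_UPDATE), ("swapped", SWAPPED_UPDATE)):
        ok = verify_download("setup-v1.2.3.exe", blob, manifest)
        print(f"{label}: {'OK, install' if ok else 'MISMATCH, do not install'}")
```

The check only helps if the manifest arrives by a path the router cannot also rewrite, such as a digest you copied from a vendor page over HTTPS on a different network, or a vendor-signed manifest whose signature you verify; a digest fetched over plain HTTP through the same router proves nothing.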
Staying Safe in the Age of the Router
Typically, the DKnife campaign targeted Chinese-speaking victims, but as routers are crucial for any modern business, it’s essential that you know how to stay safe from similar attacks. While router-based attacks may be difficult to spot, they’re not impossible to defend against. By implementing the following best practices, you can significantly reduce the risk:
- Update your firmware: Regularly update your router’s firmware to minimize the risk of any vulnerabilities being exploited. Also, replace any legacy devices which are no longer receiving updates – these represent major targets of interest for hackers.
- Change default login details: Many routers ship with default login details so that you can connect to your network the first time you use them. However, these default credentials represent a major security risk, as they are widely known and shared among hackers. Make sure you change them to strong, unique passwords as soon as possible.
- Monitor network devices: It’s important that you regularly check which devices are connected to your network. If you don’t recognize a device, or detect any unusual network activity, you need to speak to an IT professional to investigate further.
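One concrete way to act on the last point is to compare the devices your machines see on the local network against an inventory you maintain yourself, and to confirm that the gateway address is still answered by the hardware address you recorded. The script below is an added example for this page, not the article's own tooling: it parses output in the format of `ip neigh show` on Linux (the constructed sample lines, the allowlist and the gateway values are all assumptions) and reports unknown devices and a changed gateway address.

```python
# Added example (not from the original article): a device-inventory check
# over the local neighbour table, plus a gateway hardware-address pin.
import re

# Constructed sample output in the layout of `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:20 STALE
192.168.1.31 dev eth0 lladdr aa:bb:cc:dd:ee:31 REACHABLE
192.168.1.77 dev eth0 lladdr 02:11:22:33:44:55 REACHABLE
192.168.1.99 dev eth0 FAILED
"""

# Constructed allowlist: hardware addresses you have inventoried yourself.
KNOWN_DEVICES = {
    "aa:bb:cc:dd:ee:01": "office router (gateway)",
    "aa:bb:cc:dd:ee:20": "front-desk PC",
    "aa:bb:cc:dd:ee:31": "printer",
}
GATEWAY_IP = "192.168.1.1"          # assumed gateway address
GATEWAY_MAC = "aa:bb:cc:dd:ee:01"   # hardware address recorded when the router was installed

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)


def parse_neigh(text: str) -> dict[str, str]:
    """Map IP -> MAC for entries that carry a hardware address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # entries without 'lladdr' (e.g. FAILED) have nothing to compare
            table[m.group(1)] = m.group(3).lower()
    return table


def unknown_devices(table: dict[str, str], known: dict[str, str]) -> list[str]:
    """IPs whose hardware address is not on the inventory list."""
    return sorted(ip for ip, mac in table.items() if mac not in known)


def gateway_changed(table: dict[str, str], gateway_ip: str, expected_mac: str) -> bool:
    """True if a different hardware address now answers for the gateway IP.

    That means some other device is claiming the gateway's address on your
    network, which is exactly the kind of unusual activity to investigate.
    """
    seen = table.get(gateway_ip)
    return seen is not None and seen != expected_mac.lower()


if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    for ip in unknown_devices(table, KNOWN_DEVICES):
        print(f"UNKNOWN device {ip} ({table[ip]}) - not in inventory")
    if gateway_changed(table, GATEWAY_IP, GATEWAY_MAC):
        print(f"ALERT: {GATEWAY_IP} is answered by {table[GATEWAY_IP]}, expected {GATEWAY_MAC}")
    else:
        print("gateway hardware address unchanged")
```

To use it on a real host, feed it the output of `ip neigh show` (or the equivalent of `arp -a` on Windows, with the regular expression adjusted to that layout) on a schedule, since the neighbour table only lists hosts the machine has recently exchanged traffic with. Note what this check does and does not tell you: it reveals devices you did not inventory and a gateway address being answered by different hardware, but a router that has itself been compromised keeps its own address and will pass this check, which is why the firmware and credential practices above matter just as much.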
For more ways to secure and optimize your business technology, contact your local IT professionals.