New sophisticated malware targets routers

Robert O'Sullivan, Cora Quigley, Jackie Dana, Rodney Brazil | July 8, 2022

7 min read

Last week, researchers detected ZuoRAT, a new kind of stealthy malware that targets routers, according to Ars Technica. The Black Lotus Labs research team from Lumen Technologies identified and described the malware, and found over 80 incidents in infected routers manufactured by Asus, Cisco, DrayTek, and Netgear.

This comes as a long string of various cyber attacks that have global implications. Only a few months ago we reported on a rise in damaging cyber threats that included DDoS attacks and advanced persistent threats (APTs). You can read more about these threats here.

The latest threat involves ZuoRA, a remote access trojan (RAT); it forms part of a wider ongoing hacking campaign believed to have been in progress since the end of 2020.

In this case, targeted routers were of the SOHO type (an acronym for Small Office/Home Office) which are used for wired and wireless broadband network routing. The malware exploits the fact that many people working from home neglect to apply the same security standards upheld in the traditional office space. This can often be the case for unpatched security vulnerabilities.

ZuoRAT also has advanced capabilities that make it a more significant threat.

After infecting a router, ZuoRAT can use HTTP and DNS hijacking to install additional malware to other devices found on that network. It can access all network traffic, collect DNS lookups, take control of an entire network, install ransomware, or turn the router into a botnet.

But perhaps the most dangerous thing about the ZuoRAT is that it has the ability to escape the notice of many security software programs. Compared to other router types, SOHO routers are not frequently monitored, which is why this attack was able to remain undetected.

In a report by Black Lotus Labs, researchers wrote that the combination of these two types of attacks is rare and demonstrates “a high level of sophistication by a threat actor”. The company postulated that the attack was likely developed by a state-sponsored organization.

The last major incident involving SOHO router malware was VPNFilter in 2018, and according to the FBI, this was developed and deployed by a state-sponsored Russian hacking group.

Unfortunately, the wheels of cybercrime show no sign of slowing and the worst attacks remain a very real possibility for small businesses. But by maintaining the best security practices and using recommended security software programs, you can minimize your risk level.

In other news

Unidentified craters on the moon. NASA scientists believe a double crater on the moon is the mark of an unidentified rocked crash. Photos of the site, taken on May 25 and released a month later, show debris and two overlapping craters. It’s likely that space junk collided with the moon, but NASA isn’t sure what the object was or which country is to blame. According to ZDNet, Bill Gray, an astronomer who tracks such objects, first claimed it was part of a Falcon X rocket launched by Space X in 2015, but NASA later ruled it out. LiveScience reports that Gray now suspects it was the upper stage of China’s 2014 Chang’e 5-T1 rocket that caused the damage. However, China had reported that all parts of the rocket from that mission burned up. Without feet on the ground to investigate, it will be difficult to definitively identify the source of the craters.
FCC Commissioner urges app stores to remove TikTok. FCC Commissioner Brendan Carr posted a letter to Twitter that he also sent to Apple and Google. It encourages both tech giants to ban TikTok from their app stores, citing “its pattern of surreptitious data practices” that aren’t compliant with the policies of both companies. This move comes after reports that American user data could be accessed easily from China. In the letter, Carr claims that TikTok harvests data such as browsing histories, keystroke patterns, and even draft messages. Speaking with Gizmodo, Carr explained that he hadn’t discussed the content of the letter deeply with other members of the FCC, but he hopes that it will encourage them to look harder at the matter.
New supercomputers to upgrade US weather forecasting. The National Oceanic and Atmospheric Administration (NOAA) has turned on two new supercomputers three times faster than their former system. According to ZDNet, supercomputers will deliver more accurate reporting in areas like wind, precipitation, temperature, and atmospheric ozone concentration. NOAA will also use them to develop their new hurricane forecast model, the Hurricane Analysis and Forecast System, which they plan to launch in time for the 2023 hurricane season.
Growth in rocket launches will alter the climate and damage ozone. A study has found that the projected increase in the number of rocket launches in the next few decades will have a detrimental effect on the earth’s environment. Space.com reports that the study, which was carried out by NOAA, focuses on the impact of rockets that burn fossil fuel, such as the Falcon 9 from Elon Musk’s SpaceX. Currently, the pollution that space missions generate is negligible compared to industries like aviation. However, an increase in the amount of soot that rockets inject into the upper layers of earth’s atmosphere could lead to a temperature increase of 1 to 4 degrees Fahrenheit in that layer annually. This would result in ozone layer depletion and a slowdown of subtropical jet streams.
China censors information about massive data hack. In what may be one of the largest known breaches of personal data in China’s history, a hacker calling himself “ChinaDan” says he has obtained a Shanghai police database of one billion people. According to Gizmodo, the data includes names, addresses, ID numbers, criminal case information, and more. He’s willing to sell this database, which could have information on up to a billion Chinese citizens, for 10 Bitcoin, or roughly $200,000. The New York Times reports that they have authenticated part of a sample of the data released by the hacker. Gizmodo notes that the Chinese government remains silent on the hack and that Chinese censors have removed social media posts discussing the hack.
Maybe we’re not quite ready for self-driving cars. Last week in San Francisco a traffic jam lasted for hours, thanks to eight self-driving Cruise vehicles that all ended up at the corner of Gough and Fulton streets. As reported by Gizmodo, the problem continued for hours until employees of the company arrived to remove the cars in person. Remarkably, it was just in June when Cruise had just become the first autonomous car company to receive permission from the California Public Utilities Commission to operate cars without a human driver.

Some @Cruise robotaxis appeared to be stuck in SF last night at the corner of Gough St. and Fulton St.

Human ops apparently had to rescue them. Still some kinks to iron out. pic.twitter.com/eXDocjVfHU
— Taylor Ogan (@TaylorOgan) June 30, 2022

Tip of the Week

From heat waves to hurricanes, the weather is a hot topic this year. For bloggers always looking for new ways to engage visitors, consider adding a weather widget to your website.

The best WordPress weather plugins let you update the current conditions, provide worldwide forecast information, and even show local weather alerts. You can find a wide range of weather plugins for WordPress such as OWM Weather, which retrieves the weather information from the Open Weather Map website, and Awesome Weather, which gives you an impressive collection of settings and customizable options.