Researchers at Lumen Technologies have uncovered an ongoing malware campaign that’s targeting and stealing data from pharmaceutical, IT services, and consulting firms through their internet routers. The campaign started in July, with the attackers targeting end-of-life DrayTek Vigor router models 2960 and 3900, which are commonly used by small to mid-sized businesses and allow users to remotely connect to corporate networks.
Why it matters: Over 100 businesses across North America, Latin America, and Europe have been affected, and the attacks show no sign of stopping. The insecure design of internet routers and the volume of data that flows through them make them an easy target for hackers.
- The perpetrators conceal whatever trails they leave behind by setting up infected routers to operate as bots that scatter malicious traffic to victims on other networks.
- According to the researchers at Lumen Technologies, approximately 2,700 DrayTek Vigor 2960 routers and 1,400 DrayTek Vigor 3900 routers were still open to attack as of mid-February 2023.
- Businesses should consider comprehensive Secure Access Service Edge (SASE) or similar solutions that utilize VPN-based access to protect data and reinforce their security posture, according to the researchers.