
Cybercriminals Target Home Routers and Offer Phony COVID-19 Apps
April 06, 2020

With so many people working from home due to the COVID-19 pandemic, cybercriminals are now targeting home routers and then using deceptive tactics to trick people into providing access to their computers. From there, the invaders can capture information that allows them to steal money from bank accounts, perform identity theft, or launch further cyberattacks on the victims’ contacts, including their employers, warns St. Luke’s Information Security Director David Finkelstein.

“Cybercriminals are cleverly devious in finding new ways to access your information to make money,” Finkelstein says. “They are so low that they are using the current COVID-19 pandemic to exploit weaknesses. Every day we learn of new ways they are attacking both individuals and organizations, especially hospitals, their employees and patients. Now more than ever, it’s crucial to be on your guard for anything that doesn’t seem quite right.”

For example, over the past few weeks people have reported that their web browsers opened on their own and showed a message that appeared to be from the World Health Organization. The message prompted them to download a ‘COVID-19 Inform App’ (see below).


Msftconnecttest page promoting fake COVID-19 information app
Source: https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/



If they did so, malware was launched on their computer in an attempt to steal information, including:

  • Browser cookies
  • Browser history
  • Browser payment information
  • Saved login credentials
  • Cryptocurrency wallets
  • Text files
  • Browser form autofill information
  • A screenshot of the desktop at the time of infection, and more

This information could then be used to perform further attacks on online accounts.

This was possible because the cybercriminals had found a way to access the individuals’ home routers and change the Domain Name System (DNS) servers that the routers were configured to use, thereby giving them access to the home’s computers and devices. A router connects multiple networks and routes network traffic between them. In the case of a home network, the router has one connection to the Internet and one connection to the network of computers and devices connected to the Wi-Fi in the home. DNS is like the phonebook of the internet: it translates domain names to IP addresses so browsers can load Internet resources. Whoever controls the DNS servers a device uses therefore controls which server the browser reaches when it looks up a name.


What you should do if you suspect your router has been compromised

If your browser is randomly opening to a page promoting a COVID-19 information app, log in to your router and configure it to automatically receive its DNS servers from your internet service provider (ISP). To help you through this process, contact your ISP or visit its website for instructions. Also, contact your employer’s information technology department.

If you have downloaded such an app, in addition to changing your router information, run an anti-virus scan on your computer. Once this is completed, change all the passwords saved on your browser, as well as passwords for any site that you visited since being infected. Be sure to use different and strong passwords for each.
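One way to confirm the DNS change described above is to look at which DNS servers a computer on the home network was handed. The following is an added example, not part of the original article: it reads resolv.conf-style text and flags any resolver that is neither a local address nor on a list of expected ISP resolvers. Every address is a constructed documentation-range value, and `EXPECTED_ISP_RESOLVERS` is an assumption to be replaced with the addresses your ISP publishes.

```python
import ipaddress

# Assumption: resolvers published by your ISP (constructed values).
EXPECTED_ISP_RESOLVERS = {"198.51.100.53", "198.51.100.54"}

# Home-network, loopback and link-local ranges, listed explicitly because
# ipaddress.is_private also covers the documentation ranges used below.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample of what a computer might hold after its router's
# DNS settings were changed (resolv.conf syntax).
SAMPLE_RESOLV_CONF = """\
# Generated by the network manager
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.66   # not assigned by the ISP
nameserver 198.51.100.53
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return nameserver entries in file order, ignoring comments."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(server, expected=EXPECTED_ISP_RESOLVERS):
    """Label a resolver 'expected', 'local', 'unexpected' or 'invalid'."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    # 'local' usually means the router itself answers DNS; its upstream
    # DNS setting still has to be checked on the router's admin page.
    if any(addr in net for net in LOCAL_NETS):
        return "local"
    return "unexpected"

def suspicious(text, expected=EXPECTED_ISP_RESOLVERS):
    """Resolvers that should prompt a look at the router's DNS settings."""
    return [s for s in parse_nameservers(text)
            if classify(s, expected) in ("unexpected", "invalid")]

if __name__ == "__main__":
    print(suspicious(SAMPLE_RESOLV_CONF))
```

On Windows the same addresses appear under "DNS Servers" in the output of `ipconfig /all`.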


What you can do to prevent your router from being accessed

Make sure that you have changed the default router password and avoid using passwords that are easy to figure out, such as “Smithfamily.” If you need help, contact your ISP, check its website, or refer to the documentation that came with your router. Keep your computer, router firmware and web browser up to date. Finkelstein suggests these other ways to protect yourself from hackers:

  • Install anti-virus software and keep it current on personal computers (PCs), laptops, phones, and other devices. If you have an Apple computer, such as an iMac or MacBook, protect it as well. In the last year, hackers have been more aggressive in targeting Macs.
  • Install software updates promptly.
  • Never save passwords on your browser.
  • Require two-factor authentication on all of your bank and credit card accounts.
  • Use strong and unique passwords for all sites.
  • Do not provide your credentials, usernames or passwords unless you are confident of the source.
  • Do not open email attachments from unknown sources.
  • Do not click on a link that takes you to a website, even one that appears to be reliable. Use Google or another favorite search engine to find websites and then type the URL into your web browser instead.

For information on the COVID-19 pandemic, visit www.sluhn.org/covid-19.


###


Media Contact

Sam Kennedy, Corporate Communications Director, 484-526-4134, samuel.kennedy@sluhn.org

