Another VPN has been hacked: This time, DrayTek Vigor router models 2960 and 3900 have been compromised.
The threat actors behind the campaign, which has been dubbed “Hiatus,” have operated since July 2022, successfully getting away with system and networking data that could set them up well for further data breaches.
At least a hundred businesses have been hacked through the campaign, and it's global as well, with hacked businesses operating out of Europe, North America, and South America. Here's what to know.
The DrayTek VPN Hack
The news comes from Lumen's Black Lotus Labs, which released a blog post explaining what they know about how the hack works.
DrayTek Vigor devices help small businesses get remote connectivity to corporate networks, making them a great target for a hacker out to swipe data. Sadly, Black Lotus Labs couldn't figure out the initial entry point the bad actors used to get into the DrayTek routers. Once in, they deploy a bash script that downloads a malicious program.
The malware, HiatusRAT, does a few different tasks: It downloads further payloads, it runs commands on the compromised device, and it eventually turns the entire device into its own SOCKS5 proxy to gain control over server traffic. It then sucks up a ton of data, including:
- System-level Information: MAC address, Kernel version, Architecture, and Firmware release version
- Networking Information: ifconfig command outputs and ARP cache, including the local IP addresses
- File System Information: Mount point names, directory-level path locations, and the file system type
- Process List: The process name, ID, UID, and arguments
It's a lot. You don't want to be compromised, but if your business uses DrayTek Vigor router models 2960 and 3900, you may be at risk.
Which VPNs Are Safest?
The 2022 VPN Risk Report, out last year from Cybersecurity Insiders and Zscaler, found that 44% of cybersecurity professionals had seen an “increase in exploits targeting their VPNs.”
The personal sector isn't doing much better. One other survey covering more than 2,000 internet users determined that 80% of global VPN users are considering switching to free versions, a switch that could leave them at even greater risk.
At Tech.co, our research team has combed through the best VPNs on the market, with an eye to the most secure options. In the end, we have a handful of tips: Don't go for a free option, make sure the VPN comes with a kill switch, and always check the terms and conditions.