A past investigation by the internet security research firm Cymru found that more than 0.3 million small office and home office (SOHO) routers across the globe had been subjected to man-in-the-middle attacks. The finding was published in a report titled ‘Increasing Vulnerability of Small Office Routers Presents Significant Risks’, which identified routers, primarily in Europe and Asia, as the main targets of a technique referred to as SOHO pharming.
A high percentage of this unauthorized activity was concentrated in Vietnam, India, Italy, and Thailand. The compromised routers in these countries had their DNS settings changed without authorization, from their ISP’s defaults to two UK IP addresses (5.45.75.11 and 5.45.75.36). The attacks fall into two categories. First, several routers were targeted with malicious code, specifically those whose GUIs were accessible via the internet. Second, other routers became easy prey because they were susceptible to ROM-0 attacks, with a substantial number running ZyXEL’s ZyNOS platform being the most affected.
So far, there has been no definitive proof that the two IP addresses mentioned were used for strictly harmful purposes. Regardless, Cymru recommends that router users stay alert and regularly verify that their DNS settings match the values provided by their ISP.
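The DNS check recommended above can be scripted. The following is an added example, not code from the Cymru report or the original article: it audits resolv.conf-style resolver settings against the two addresses named above, and the function names, the sample text and the ISP resolver 203.0.113.53 are constructed placeholders.

```python
import ipaddress

# Resolver addresses named in the report summarized above.
REPORTED_ROGUE = {ipaddress.ip_address(a) for a in ("5.45.75.11", "5.45.75.36")}
# RFC 1918 and loopback ranges: a resolver here is the router or a local stub.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: settings a DHCP client might hold behind a tampered router.
SAMPLE = """\
# generated by dhcp client (constructed example)
nameserver 5.45.75.11
nameserver 192.168.1.1   # the router itself
nameserver 203.0.113.53
nameserver 198.51.100.7
"""

def parse_nameservers(resolv_text):
    """Return nameserver addresses from resolv.conf-style text, in file order."""
    servers = []
    for raw in resolv_text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # ignore malformed entries rather than abort the audit
    return servers

def audit_resolvers(resolv_text, isp_resolvers):
    """Classify each configured resolver against the ISP-provided list."""
    expected = {ipaddress.ip_address(a) for a in isp_resolvers}
    findings = []
    for ip in parse_nameservers(resolv_text):
        if ip in REPORTED_ROGUE:
            verdict = "reported-rogue"
        elif ip in expected:
            verdict = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            # Host forwards to the router: check the router's own DNS settings.
            verdict = "local-forwarder"
        else:
            verdict = "unexpected"
        findings.append((str(ip), verdict))
    return findings

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE, ["203.0.113.53"]):
        print(f"{addr:<16} {verdict}")
```

A `local-forwarder` result does not clear the router: the resolver values on the router's own WAN or DHCP configuration page still have to be compared with the ISP's.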
source: efytimes
This article was updated in 2025 to reflect current trends and insights.