A financially motivated hacking group called “Magecart Group 5 (MG5)” is targeting high-end, commercial-grade layer 7 (L7) WiFi routers and taking control of the public Wi-Fi networks deployed in airports, casinos, hotels, and resorts.
The Magecart Group 5 name derives from the modus operandi the attackers share with 38 different cybercrime factions, which they use to attack e-commerce sites, including hacking carts, checkout pages, web logic and more.
Earlier this year, the MG5 threat group was already involved in attacking hundreds of e-commerce websites, injecting them with skimming code that steals payment card data.
This technique allows attackers to infect mobile devices, gain access and take control of the applications running on the compromised mobile device.
Attacks on Commercial-Grade L7 WiFi Routers
Threat actors specifically target and infect the code in Wi-Fi routers that provide commercial Wi-Fi service in public areas such as hotels or airports.
Commercial-class layer 7 routers integrate both routing and switching capabilities and reside on the same virtualization server as other business-critical IT infrastructure components, which allows an attacker to take control of other parts of the network.
According to IBM research, “popular routers in this category can also present risky features when it comes to information security — content filtering, redirection to interstitial pages, payload rewriting and traffic shaping are just a few of those features.”
Once attackers have compromised the web resources that an L7 router loads, they can abuse these features, use them against users and attack their Wi-Fi-connected devices.
Wi-Fi Attack Scenario
When we stay in a hotel, we often get ads on our devices when we connect via captive portals, because WiFi vendors offer the hotel a discounted price for the Wi-Fi operation and prompt it to allow midstream ads to run before guests connect, generating extra revenue from third parties.
Attackers can also steal payment data when users browse over the Wi-Fi connection from the compromised computer, and can inject malicious ads.
“Having access to a large number of captive users with very high turnover — such as in the case of airports and hotels — is a lucrative concept for attackers looking to compromise payment data,” the researchers said.
You can read more in How To Secure Wi-Fi Networks Effectively From Hackers – A Complete Guide.