The GhostDNS variant Novidade attempted to infect Avast users’ routers over 2.6 million times in February alone and was spread via three campaigns. The GhostDNS exploit kit is very popular in many parts of the global underground hacking scene and some of its variants belong to the most active exploit kits targeting routers in 2019. So far in 2019, Avast has stopped more than 70,000 GhostDNS attacks. Known router exploit kits used to attack routers include GhostDNS, Novidade, and in April 2019, Avast discovered SonarDNS. Earlier in the year, the Federal government agency Australian Cyber Security Centre (ACSC) made an announcement that it is aware of a global Domain Name System (DNS) infrastructure hijacking campaign and released a statement outlining best practices for how organisations can protect their systems.Ĭybercriminals use cross-site request forgery (CSRF) attacks to carry out commands without the users’ knowledge, in this case to silently modify the users’ DNS settings to perform phishing and crypto-mining attacks, or attacks via malicious ads.