
Over 40,000 Botnet-Infected Home Routers Used To Launch DDoS Attacks

Posted: May 14, 2015

The information age that we live in has us all on edge about our privacy and security whenever we surf the internet or exchange information across it. There is no doubt that surfing the internet is unpredictable, as it has its share of sharks in the form of hackers who are always on the hunt for their next victim to feed them massive amounts of personal data.

In a recent finding by Incapsula's researchers, malicious traffic was detected coming from home routers that had been infected with botnet malware. These routers, mostly used in home network environments, were hacked through management interfaces that were exposed to the internet over SSH and HTTP and still used default login credentials.

Home routers have long been targets for hackers and remote attackers. Even though the latest routers ship with all types of new and aggressive security features to thwart infiltration, each of them carries a dark hole that leaves it vulnerable to anyone with a little knowledge: the default login credentials that many users keep fresh out of the box. Use of the default logins for routers bypasses any security features that may have been put in place. Most routers, when shipped, strongly urge the user to change the login credentials, including the password, so the device may be "secure."

In what appears to be a group of nearly 40,000 home routers, attackers are using a botnet that has infected the devices to launch DDoS attacks on websites across the internet. Researchers first suspected that the routers were infected through a firmware vulnerability, which would grant entry for such an infection to populate the router's self-contained operating system. In the case of this router attack, hackers gave themselves unfettered access by using the default login credentials of particular routers whose users had failed to change the login and password.

One peculiar feature of the infected routers is that they contain shell scripts that scan the internet for other routers that can be accessed over SSH using their default login information. Running these scripts spreads the botnet infection to other devices, adding to the 40,000 or so infected routers that have so far been accounted for.
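The two behaviours described above leave distinct traces in network flow records: outside hosts reaching the router's management ports on its WAN address, and the router itself fanning out SSH connections to many internet hosts in a short time (a home router normally initiates no outbound SSH at all). The following detector is an added example written for this article; it is not Incapsula's tooling or code from the report. It assumes a simplified, constructed flow-record format (timestamp, source, destination, destination port), a hypothetical home LAN of 192.168.1.0/24, a constructed WAN address for the router, and thresholds chosen for illustration.

```python
"""Flow-log detector for the router behaviours described in the article.

Added example, not Incapsula's tooling. Assumes a constructed flow-record
format, a hypothetical LAN of 192.168.1.0/24, a constructed router WAN
address and illustrative thresholds.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Hypothetical home LAN; anything outside it is treated as "the internet".
LAN = ip_network("192.168.1.0/24")
# Ports on which the article says the routers' management interfaces were exposed.
MANAGEMENT_PORTS = {22, 80, 443}


@dataclass(frozen=True)
class Flow:
    ts: datetime  # time the connection was opened
    src: str      # source IP address
    dst: str      # destination IP address
    dport: int    # destination TCP port


def is_lan(ip: str) -> bool:
    return ip_address(ip) in LAN


def inbound_management_from_wan(flows, router_wan_ip: str):
    """Flows in which an outside host reaches the router's management ports on
    its WAN address. Any hit means SSH/HTTP management is reachable from the
    internet, which is the exposure the infected routers shared."""
    return [
        f for f in flows
        if f.dst == router_wan_ip and f.dport in MANAGEMENT_PORTS and not is_lan(f.src)
    ]


def ssh_scan_sources(flows, min_targets: int = 20, window=timedelta(minutes=5)):
    """Internal hosts that open SSH to at least `min_targets` distinct external
    destinations inside any interval of length `window`. Such a fan-out matches
    the scanning shell scripts found on the infected devices.
    Returns {source_ip: peak number of distinct SSH targets in one window}."""
    by_src = defaultdict(list)
    for f in flows:
        if f.dport == 22 and is_lan(f.src) and not is_lan(f.dst):
            by_src[f.src].append(f)

    flagged = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda flow: flow.ts)
        peak, start = 0, 0
        for end, f in enumerate(fl):
            # Slide the window start forward until the span fits inside `window`.
            while f.ts - fl[start].ts > window:
                start += 1
            peak = max(peak, len({g.dst for g in fl[start:end + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged


def build_sample_flows():
    """Constructed sample data (not captured traffic)."""
    t0 = datetime(2015, 5, 1, 12, 0, 0)
    flows = []
    # Infected router (192.168.1.1) sweeping 30 distinct internet hosts on port 22 in two minutes.
    for i in range(30):
        flows.append(Flow(t0 + timedelta(seconds=4 * i), "192.168.1.1", f"203.0.113.{i + 1}", 22))
    # Benign admin workstation: three SSH sessions to two servers, spread over minutes.
    for i in range(3):
        flows.append(Flow(t0 + timedelta(minutes=i), "192.168.1.10", f"198.51.100.{10 + i % 2}", 22))
    # Outside hosts probing the router's WAN-side management interface (constructed WAN IP 198.51.100.7).
    flows.append(Flow(t0, "192.0.2.44", "198.51.100.7", 22))
    flows.append(Flow(t0 + timedelta(seconds=30), "192.0.2.45", "198.51.100.7", 80))
    # Ordinary HTTPS browsing from the LAN, which neither check should flag.
    flows.append(Flow(t0, "192.168.1.10", "93.184.216.34", 443))
    return flows


if __name__ == "__main__":
    sample = build_sample_flows()
    print("SSH sweep sources:", ssh_scan_sources(sample))
    for f in inbound_management_from_wan(sample, "198.51.100.7"):
        print(f"WAN management hit: {f.src} -> {f.dst}:{f.dport}")
```

On the constructed sample the sweep detector flags only the router, with 30 distinct SSH targets in one window, while the admin workstation's two servers stay well under the threshold; the WAN check returns the two outside probes on ports 22 and 80. In practice the LAN range, the router's WAN address and the fan-out threshold would come from the deployment rather than the constants above.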

At one time the Incapsula researchers thought the hacker activist group Anonymous was responsible for the compromised routers. Afterwards, it was concluded that this information was not true, and the speculation arose due to conflicting data.

DDoS attacks have long been a major pain for website administrators and companies, who may lose money due to the downtime their website suffers during such an attack. Beyond initiating DDoS attacks, compromised routers can also be used to redirect users to malicious sites, intercept online banking logins, steal login credentials from users, inject rogue advertisements into web traffic and carry out many other illegal activities. Moreover, botnet-infected routers pose a problem for tracking and resolving the threat.

As for who is responsible for the recent rash of infected routers conducting DDoS attacks, researchers have yet to identify the perpetrators with 100% certainty. Lizard Squad, a black hat hacking group known for DDoS attacks, has taken responsibility for attacks against large sites in the past. This is not to say they are not responsible; it only raises some curiosity that points in their direction.

During April of this year, use of the Ubiquiti botnet saw a sharp increase, at nearly the same time that the botnet-infected routers were running attacks, which date back as far as December of 2014. The largest concentration of the botnet-infected routers is in Thailand, accounting for 64% of the 40,000 IP addresses and 1,600 ISPs associated with the botnet. Next in line is Brazil with 21%, then the U.S. with only 4%, followed by India with just 3%.

Computer users should practice safe router etiquette by simply changing the default login and/or password of their device. By taking this one step, those using home routers would cut their chances of being attacked by over half.
