Botnet of 100,000 routers could unleash cyberattack at any moment

By James Walker     Dec 5, 2017 in Technology
A botnet of 100,000 home broadband routers is lying dormant and could be activated at any time, according to a security researcher. A new strain of the virulent IoT malware Mirai is being used to amass devices, perhaps in preparation for a major attack.
Mirai has already been responsible for one of the biggest Internet outages in history, knocking Twitter and several other major services offline last year. The malware's source code is now publicly available, so it's attracting new attention from opportunistic cybercriminals attempting to amass gigantic botnets.
Mirai infects Internet-connected "smart" devices such as DVRs, webcams and thermostats. Recently, a new strain has been targeting broadband routers from manufacturers including Huawei. Security researcher Dale Drew, chief security strategist at broadband provider CenturyLink, told Ars Technica that over 90,000 Huawei devices – accompanied by around 10,000 others – have been networked into a dormant Mirai botnet.
So far, the malware's operator has yet to use the devices for anything malicious. Since first being observed a fortnight ago, the network has done nothing but expand. The operator is scanning the Internet to identify, infect and connect as many vulnerable devices as possible. In the majority of instances, it’s the popular Huawei EchoLife Home Gateway and Huawei Home Gateway routers on the receiving end of the attack.
The massive sleeping botnet could be used to carry out a coordinated assault against online services. Once enough devices have been acquired, the operator could use the 100,000 infiltrated home routers to launch a crippling denial-of-service attack against major website providers. The result could be reminiscent of Mirai's impact last October, when several high-profile companies were affected.
While security experts are aware of the botnet, their options for dealing with it are limited. Some Internet infrastructure providers, including CenturyLink-owned Level 3, are already blocking communications between the devices.
This prevents the operator from using the infrastructure to control the botnet. However, many other providers continue to allow botnets to operate freely. Blocking the operator is only a short-term fix as new command-and-control servers can be quickly configured.
As is now the norm for IoT-based attacks, the root enabler of the botnet is weak security around the devices themselves. The operator is using a dictionary of over 65,000 default username and password combinations to obtain access to the wireless routers. Most consumers never change the factory credentials for built-in system accounts, leaving them vulnerable to remote tampering.