Here's How A Botnet Of 1 Lakh Infected Routers Can Cripple The Internet At Any Moment
The hacker responsible can use the infected network to take down a website just by bombarding it with thousands of service requests a second.
Thanks to a number of router manufacturers not keeping their offerings up to scratch, we may have a major cybersecurity issue on our hands.
Now attackers have repurposed Mirai, the malware that last year took over huge numbers of IoT devices, and tweaked it slightly to amass an army of 100,000 compromised home routers that are poised to attack at any time.
Dale Drew, chief security strategist for CenturyLink, told Ars Technica that botnet operators have been updating Mirai ever since its source code was published last year, usually with minor, amateurish changes. As a result, those variants have not been as potent as the original, with the exception of this latest entry.
The unknown attacker doesn't just have an army; his army is also recruiting more soldiers on its own, automatically.
The newest variant uses a recently discovered zero-day exploit to infect two very common routers, the EchoLife Home Gateway and the Huawei Home Gateway. The bigger problem? The exploit lets an attacker take over the device even if it is protected by a strong password, and even if remote admin login is turned off entirely, so the usual hardening advice for home routers offers no protection against it.
According to Drew, approximately 90,000 of the 100,000 infected devices are one of the two Huawei router models, while the malware also carries a list of 65,000 username and password combinations to try against other types of IoT devices.
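A 65,000-entry credential list is a spray of default username/password pairs against devices that never had their factory logins changed, which is how the original Mirai recruited its bots. The article does not say which protocol the variant uses; the added example below (not from the article or from CenturyLink) assumes telnet and shows the defender's side: a detector that reads a router or honeypot login log, flags any source trying many distinct credential pairs within a short window, and reports which pair eventually succeeded. The log format, sample lines, IP addresses and credential pairs are all constructed for illustration.

```python
"""Detect Mirai-style credential spraying in router/honeypot login logs.

Added example, not code from the article or from CenturyLink. The syslog-like
format, the sample lines, the addresses and the credential pairs below are
constructed for illustration; real devices log differently.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: one line per login attempt on a telnet daemon.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) telnetd: login "
    r"(?P<result>FAILED|OK) user=(?P<user>\S+) pass=(?P<pw>\S*) "
    r"from=(?P<src>\d+\.\d+\.\d+\.\d+)$"
)

# Constructed sample: one bot walking a default-credential list until it gets
# in, one human mistyping a real password, and one unrelated line.
SAMPLE_LOG = """\
2017-12-05T10:00:01 telnetd: login FAILED user=root pass=xc3511 from=203.0.113.7
2017-12-05T10:00:03 telnetd: login FAILED user=root pass=vizxv from=203.0.113.7
2017-12-05T10:00:05 telnetd: login FAILED user=admin pass=admin from=203.0.113.7
2017-12-05T10:00:07 telnetd: login FAILED user=admin pass=1234 from=203.0.113.7
2017-12-05T10:00:09 telnetd: login FAILED user=support pass=support from=203.0.113.7
2017-12-05T10:00:11 telnetd: login OK user=root pass=default from=203.0.113.7
2017-12-05T10:01:00 telnetd: login FAILED user=admin pass=Summer2017 from=198.51.100.4
2017-12-05T10:01:20 telnetd: login FAILED user=admin pass=Summer2017! from=198.51.100.4
2017-12-05T10:01:45 telnetd: login OK user=admin pass=Summer2017!! from=198.51.100.4
not a login line at all
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not a login record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    return rec


def find_sprayers(lines, window=timedelta(seconds=60), min_distinct=5):
    """Flag sources that try >= min_distinct DISTINCT user:pass pairs inside `window`.

    Counting distinct pairs rather than raw failures separates a bot walking a
    credential list from a human retrying one password with typos. Returns
    {src_ip: {"distinct": n, "success": (user, pw) or None}}.
    """
    attempts = defaultdict(list)  # src -> [(ts, (user, pw), result)]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        attempts[rec["src"]].append((rec["ts"], (rec["user"], rec["pw"]), rec["result"]))

    flagged = {}
    for src, events in attempts.items():
        events.sort(key=lambda e: e[0])
        start, best = 0, 0
        # Sliding window: for each event, count distinct pairs in the trailing window.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({cred for _, cred, _ in events[start:end + 1]})
            best = max(best, distinct)
        if best >= min_distinct:
            # If the sprayer eventually logged in, record the credential that worked,
            # since that device should now be treated as compromised.
            success = next((cred for _, cred, res in events if res == "OK"), None)
            flagged[src] = {"distinct": best, "success": success}
    return flagged


if __name__ == "__main__":
    for src, info in find_sprayers(SAMPLE_LOG.splitlines()).items():
        status = "COMPROMISED with %s:%s" % info["success"] if info["success"] else "blocked"
        print("%s tried %d distinct credential pairs, %s" % (src, info["distinct"], status))
```

On the constructed sample, 203.0.113.7 is flagged (six distinct pairs in ten seconds, succeeding with root:default) while 198.51.100.4 is not, because three variants of one password from a single user is normal human behaviour. The threshold and window are tuning knobs; on a real device the surest defence is still to change the default credentials and not expose telnet at all.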
What bad things can these 1 lakh infected routers unleash?
Since it was discovered two weeks ago, the botnet hasn't been used for anything other than recruiting more infected devices. However, Drew warns that the creator could launch a staggering DDoS attack at any time. He says it will most likely operate as a mercenary army, hired out to carry out attacks for paying customers.
While the security team managed to gain access to two of the domains used to direct the botnet, Drew believes the operator has since managed to wrest back control of his army through other means. The ISP CenturyLink has blocked the control server involved, but an attacker has other options for issuing commands. All cybersecurity professionals can do right now, he says, is keep a close eye on the botnet and react accordingly.