Millions of unsecured home routers caught up in DDoS botnet

Hackers take advantage of factory defaults

Hackers have managed to hijack hundreds of thousands of poorly secured wireless routers and established "self-sustaining" botnets to launch denial of service (DDoS) attacks.

First reported by The Register, routers located in Brazil and Thailand were infiltrated by hackers who took advantage of factory-default usernames and passwords that have never been changed by home router owners.

Cyber security firm Incapsula found the attack network after being asked to investigate a DDoS botnet attack against several customers that used tens of thousands of routers. It explained that units on the botnet can be accessed over the Internet via HTTP or SSH on the default ports of each protocol.

Once a router is highjacked it is used to scan for other machines with the same flaw and enlist them as part of the botnet before running a script that continues the cycle. The malicious code inserted by attackers is the MrBlack trojan that is then used to carry out the DDoS attack.

DDoS-as-a-service

Incapsula added that hundreds of thousands or even millions of insecure home gateways were illicitly banded together as part of the botnet and its characteristics resemble a similar attack platform used by Lizard Squad's notorious DDoS crew.

The Lizard Squad used a DDoS attack to take down the PlayStation Network and Xbox Live over the 2014 festive period and followed this up by unveiling a DDoS-as-a-service that allows anyone to launch a DDoS attack against a site for a pay-per-second price.

Tags