Last Sunday, Deutsche Telekom had an outage that affected almost one million of their customers. The issue involved their customers' routers, and the ISP suspected foul play.
It turns out they were right! Attackers have modified a version of the Mirai botnet to exploit a newly discovered vulnerability that may affect many routers shipped by ISPs. Watch the Daily Byte below to learn more about this incident, the new router flaw, and what you can do to protect yourself.
Episode Runtime: 2:26
Direct YouTube Link: https://www.youtube.com/watch?v=jy2UPE9VPgw
EPISODE REFERENCES:
- Deutsche Telekom had weekend outage; suspect hackers – Fortune
- Attackers targeted newly released router flaw – Ars Technica
- Honeynet used to measure the router attacks – SANS
- Proof-of-Concept (PoC) exploit for router flaw – Exploit DB
— Corey Nachreiner, CISSP (@SecAdept)
John Deer says
Wow… it's getting to the point where the Internet is becoming its own worst enemy. It seems everything can be hacked, the Internet as a whole can be hacked. NOTHING is secure… nothing is private, nothing is what it seems.
It's a bloody joke if you ask me. The internet will be the world's downfall and eventually collapse.
Corey Nachreiner says
Heh… As a security expert, I sometimes feel paranoid and overwhelmed, and have similar thoughts… but, to put it all in perspective, the Internet has done more for mankind so far than against it. It’s just good to face security issues head on so we can fix the issue before all that happens. ^_^
Bruce Briggs says
FYI – Accessing the Ars Technica link, I get this on my Win 7 laptop (Firefox & Chrome), but it works OK on my iPad (Safari):
2016-11-30 16:24:39 Deny 10.0.1.2 50.31.151.33 http/tcp 61902 80 0-Trusted 0-External ProxyDrop: HTTP Virus found (HTTP-proxy_yyy) HTTP-Client.2x proc_id="http-proxy" rc="594" msg_id="1AFF-0028" proxy_act="HTTP-Client.2x" virus="Linux/Downloader" host="arstechnica.com" path="/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/" geo_dst="USA" Traffic
and
2016-11-30 16:29:45 Deny 10.0.1.2 50.31.151.33 http/tcp 62019 80 0-Trusted 0-External ProxyDeny: HTTP bad reputation (HTTP-proxy_yyy) HTTP-Client.2x proc_id="http-proxy" rc="595" msg_id="1AFF-002C" proxy_act="HTTP-Client.2x" reputation="90" host="arstechnica.com" path="/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/" geo_dst="USA" Traffic
Corey Nachreiner says
Bruce,
Interesting. I just visited it now, and I don’t get that myself, and the link itself looks pretty clean (straight to Ars). I wonder if it was related to temporary malvertising, or something of the sort. Of course, in that case, I would expect the proxy log to reflect the domain something was forwarded to (unless malicious code was directly on the arstechnica.com page). I’ll see if I can find anything to explain why. As an aside, I am going through a Firebox too.