Haven’t yet changed your router username and password from “admin/admin”? If so, then your router could be part of a massive botnet, possibly run by members of Anonymous, according to cybersecurity experts Incapsula.
The hacked routers discovered by Incapsula are mostly located in the US, Brazil, and Thailand, although any router in the world could be affected. They were infected by a number of different malware builds, forming a botnet responsible for multiple DDoS attacks during December 2014.
Incapsula found that a great number of the hijacked routers were reporting back to AnonOps.com, a site owned and visited by Anonymous activists, “indicating that Anonymous is one of the groups responsible for exploiting these under-protected devices,” according to the report.
The affected “units are remotely accessible via HTTP and SSH on their default ports,” the report continues. “On top of that, nearly all are configured with vendor-provided default login credentials.”
“For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective. Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms.”
The botnet, similar to the one used by Lizard Squad for bespoke DDoS attacks since Christmas, used the MrBrick Trojan to insert as-yet-unidentified malware into the affected routers.
Thank you to The Daily Dot for providing us with this information.