Trend Micro: Internet goes to war for home routers

Trend Micro Incorporated, a global leader in cybersecurity solutions, published a study titled “Worm War: The Botnet Battle for IoT Territory” warning consumers of a major new wave of attacks that aim to compromise home routers and enlist them in IoT botnets. The report's authors urge users to take steps to ensure that the devices they own are not involved in criminal activity.


There has been a recent surge in the number of attacks targeting routers, which was especially noticeable in the fourth quarter of 2019. New research shows that the increase in abuse of these devices will continue, as attackers can easily profit from such infections by using hijacked routers in further attacks.

“With so many people now using home networks for work and study, it has become especially important to monitor what’s going on with the router,” said John Clay, global head of cyberthreat communications at Trend Micro. “Cybercriminals have stepped up their attacks in a big way, knowing that the vast majority of home routers use the default login and password. Seizing control of their router can be experienced by home users as a reduction in network bandwidth. And organizations that are targeted by attacks using infected routers could face botnets sending their sites offline; we’ve seen this in previous high-profile attacks.”

The Trend Micro study reveals that October 2019 saw an increase in brute-force login attempts against routers, in which attackers use software that automatically tries common password combinations. The number of such attempts has increased more than tenfold, from 23 million in September to nearly 249 million in December 2019. Trend Micro recorded nearly 194 million brute-force logins in March 2020.

Another indicator of the growing threat is the number of devices attempting to start telnet sessions with other IoT devices. Because the telnet protocol does not encrypt data, attackers or their botnets prefer to use it to collect credentials. This activity peaked in mid-March 2020, with about 16,000 devices attempting to open telnet sessions with other IoT devices in one week.

This trend is worrisome for several reasons. Cybercriminals compete with each other to compromise as many routers as possible so that they can be enlisted in botnets. These botnets are then sold on underground sites, either as a tool to carry out DDoS attacks or as a means to anonymize other illegal activities such as click fraud, data theft, and account hijacking.

The competition is so fierce that criminals will remove any malware a competitor has installed on an attacked router in order to gain exclusive control of the device. A home user whose router has been compromised will be the first to feel the resulting performance problems. If the device is subsequently used to carry out attacks, its IP address may be blacklisted, which can cut the user off from key parts of the Internet and from corporate networks.

As the report explains, there is a thriving black market for botnet malware and botnets for rent. While any IoT device can be hacked and used as part of a botnet, routers are particularly interesting to attackers because they are easily accessible and directly connected to the Internet.

Trend Micro published recommendations for home users:

– make sure you use a strong password and change it from time to time

– make sure that you have the latest firmware version installed on your router

– check device logs for activities that don’t make sense for the network

– allow only local network access to the router.
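
One way to act on the log-review recommendation, as an added example that is not part of the Trend Micro report: the script flags the two indicators the article describes, bursts of failed router logins from one source and a LAN device opening telnet sessions to several hosts. The log format, field names, thresholds and the review() helper are assumptions made for illustration; real router logs differ by vendor.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed syslog-like format (not from a real router).
SAMPLE_LOG = """\
2020-03-16T02:10:01 httpd: login failed user=admin src=203.0.113.7
2020-03-16T02:10:03 httpd: login failed user=admin src=203.0.113.7
2020-03-16T02:10:05 httpd: login failed user=root src=203.0.113.7
2020-03-16T02:10:08 httpd: login failed user=admin src=203.0.113.7
2020-03-16T02:10:11 httpd: login failed user=support src=203.0.113.7
2020-03-16T08:30:00 httpd: login failed user=admin src=192.168.1.20
2020-03-16T08:30:40 httpd: login ok user=admin src=192.168.1.20
2020-03-16T09:00:01 conntrack: NEW proto=tcp src=192.168.1.50 dst=198.51.100.4 dport=23
2020-03-16T09:00:02 conntrack: NEW proto=tcp src=192.168.1.50 dst=198.51.100.9 dport=23
2020-03-16T09:00:03 conntrack: NEW proto=tcp src=192.168.1.50 dst=192.0.2.77 dport=23
2020-03-16T09:05:00 conntrack: NEW proto=tcp src=192.168.1.20 dst=192.0.2.10 dport=443
"""

FAILED = re.compile(r"^(\S+) httpd: login failed user=\S+ src=(\S+)$")
CONN = re.compile(r"^(\S+) conntrack: NEW proto=tcp src=(\S+) dst=(\S+) dport=(\d+)$")

def review(log_text, max_failures=5, window=timedelta(minutes=1), max_telnet_peers=3):
    """Return (finding, address, count) tuples for suspicious activity in the log."""
    failures = defaultdict(list)  # source address -> timestamps of failed logins
    telnet = defaultdict(set)     # source host -> distinct telnet (tcp/23) destinations
    for line in log_text.splitlines():
        if m := FAILED.match(line):
            failures[m.group(2)].append(datetime.fromisoformat(m.group(1)))
        elif (m := CONN.match(line)) and m.group(4) == "23":
            telnet[m.group(2)].add(m.group(3))
    findings = []
    for src, times in sorted(failures.items()):
        times.sort()
        # Flag a source once if any max_failures consecutive failures fit in the window.
        for i in range(len(times) - max_failures + 1):
            if times[i + max_failures - 1] - times[i] <= window:
                findings.append(("brute-force", src, len(times)))
                break
    for host, peers in sorted(telnet.items()):
        if len(peers) >= max_telnet_peers:
            findings.append(("telnet-scan", host, len(peers)))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

In the sample, the failed logins come from a non-local address, which also indicates that the router's login interface is reachable from outside the local network, contrary to the last recommendation.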

The full report is available on the Trend Micro Incorporated website.
