Hackers are now allegedly leveraging the infamous Mirai malware, to target millions of home routers with a critical security flaw. Security researchers believe that routers provided to customers of German and Irish ISPs are vulnerable to such attacks, according to reports.
New Mirai attacks have been tracked by researchers, exploiting vulnerabilities found in router manufacturers such as Zyxel and Speedport, ArsTechnica reported. The devices expose an internet port (port 7547) to outside connections. Hackers use this loophole to send commands, which are used by ISPs to remotely operate and manage a large array of devices.
According to researchers at the SANS Internet Storm Center, honeypot servers masquerading as vulnerable routers have been noted as receiving exploits every five to 10 minutes. SANS Dean of Research Johannes Ullrich said the exploits may have caused the Deutsche Telekom outage.
Commenting on the German telecom cyberattack, Alex Mathew, EMEA technical manager at Positive Technologies, told IBTimes UK: "The attack of this kind isn't something new: this year we had multiple reports about thousands of infected routers used for DDoS botnets.
"We would even suspect that this German story is about 'a broken botnet'. After all, hackers are not very interested in broken routers; they prefer to take control over working routers, and use them for other attacks. Perhaps, someone tried to build a Mirai-like botnet out of these infected routers in Germany but something went wrong and routers just went off."
According to Kaspersky researchers, "Since there is no Mirai related infrastructure behind this network range, the bots will not receive any further commands until the criminals behind this attack change the DNS records again. For sure, this is some kind of trolling from the criminals who conducted the attack."