Millions of routers have been hacked this week through open ports, and ISPs across Europe and beyond are working with router suppliers to fix the threat from the Mirai botnet.
Broadband services provided by TalkTalk, the Post Office, KCOM, Deutsche Telekom and Eir have so far been affected, leaving millions of customers disconnected.
The disabling of the connection and distribution of malicious software to extend a botnet appears to have been the main purpose of the attack, rather than an attempt to delve further into business and consumer networks for private, critical or sensitive data. However, the botnet may well be a tool for malicious cracking, and this is a growing problem, especially as IoT (Internet of Things) devices gain traction.
The problem cannot just be blamed on users not securing devices properly (e.g. by not changing default passwords, disabling ports, etc.); it is also long past time that manufacturers address security issues caused by poor security features and default settings on their equipment that create vulnerabilities.
Zyxel and D-Link routers seem to be the most affected - these brands are often provided for free by ISPs and telcos to their customers, which, whilst seemingly a good deal for the customer, means that compromises are being made, most particularly on cybersecurity. The value you place on your business should be reflected in the quality of the hardware and software that your company uses, and free routers simply do not cut it in this day and age.
The attack is an exploit of the TR-064 and TR-069 protocols on port 7547, which Zyxel is now blaming on a specific chipset supplier, Econet, with chipsets RT63365 and MT7505 with SDK version #220.127.116.11 and #18.104.22.168 v002 respectively. (Source: El Reg) The manufacturers have now released firmware upgrades that address this most recent threat. If you are in any doubt about whether your router is secure or not, contact your ISP for advice. Many ISPs, e.g. Zen (whose routers are, like ours, unaffected), have been using Twitter and Facebook to inform customers about router security, firmware upgrades, etc.
Here at Express Telephony, we use Draytek 2860n routers, which are designed for business purposes rather than home connectivity. Express engineers disable many features for cybersecurity when providing routers to our customers; however, despite our confidence that all of our customers' routers are safe, in light of this Mirai threat, our team have been double-checking that all routers supplied by Express Telephony to our customers are secure, against both this threat and potential upcoming issues.
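One way to run this kind of check on routers you administer, given as an added example and not Express Telephony's own tooling: it attempts a TCP connection to port 7547 and reports whether the port is open, closed or filtered. The inventory addresses are constructed placeholders, and the check is assumed to be run from outside the customer's network against each router's public address.

```python
import socket

TR069_PORT = 7547  # port named in the article for the TR-064/TR-069 service


def check_port(host, port=TR069_PORT, timeout=3.0):
    """Return 'open', 'closed', 'filtered' or 'error: ...' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing listening
    except socket.timeout:
        return "filtered"    # no answer: dropped by a firewall, or host down
    except OSError as exc:
        return "error: %s" % exc  # e.g. name resolution failed, no route
    finally:
        sock.close()


def audit(routers, port=TR069_PORT, timeout=3.0):
    """Check every router; return (state per host, sorted list of exposed hosts)."""
    results = {host: check_port(host, port, timeout) for host in routers}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Constructed inventory: documentation-range addresses standing in for the
    # public (WAN) addresses of routers you are responsible for.
    inventory = ["192.0.2.10", "192.0.2.11"]
    results, exposed = audit(inventory)
    for host, state in results.items():
        print("%s:%d %s" % (host, TR069_PORT, state))
    if exposed:
        print("Reachable on 7547, check firmware and remote management:", exposed)
```

A router reported as "open" is the one to follow up on: confirm the firmware upgrade has been applied and that remote management on that port is restricted or disabled.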
Please note: No device can ever be 100% secure, particularly because the crackers are constantly exploiting new vulnerabilities each day, but Express Telephony prides itself on keeping our customers connected, secure and educated with regard to telecom and IT threats.