
Nearly a million users across Europe were thrown off the internet during the weekend into Monday after criminals tried to hijack home routers as part of a coordinated cyber attack.
Security researchers said that routers provided to customers in Germany by their internet providers were at risk of attack from the notorious Mirai malware, most notable for its large-scale botnet that brought parts of the internet offline on the US east coast last month.
Mirai, if used to attack specific targets, can bring down websites, services, or even internet infrastructure, causing wide-scale outages.
The routers, most of which were made by Zyxel and Speedport, had port 7547 open, typically used by internet providers to remotely manage and maintain the devices in case of an outage or issue.
The exploit code used to attack the routers is believed to be derived from a modified version of Mirai, which instead of commandeering vast numbers of internet-connected surveillance cameras was used in a botched attempt to hijack home routers. According to the SANS Internet Storm Center, which was first to report the issue, honeypots pretending to be affected routers are receiving exploit orders as quickly as once every five minutes.
According to security researcher Kenn White, who tweeted on Monday, there are more than 41 million devices on the searchable internet with port 7547 open.
But instead of diverting those routers’ internet traffic to the criminals’ intended target in an attempt to bring websites or services offline, the routers crashed.
Deutsche Telekom, the German internet provider whose customers were affected, said Monday that close to 5 percent of its 20 million customers suffered outages as a result of the malware, beginning Sunday, according to Reuters.
That figure had fallen to about 2 percent by midday local time.
Germany’s federal office for information security confirmed in a bulletin on Monday that the malware was also “registered in the government network,” but added that it wasn’t effective due to the office’s security systems.
The telecom had issued a fix (with an English translation), asking users to power down their routers and wait, so that they pull the latest update from the servers upon reboot.
Other customers across Europe, including in the UK as well as Ireland, are vulnerable to similar open-port attacks, reports have said.