Malicious Router Log-Ins Soar Tenfold in Botnet Battle

Home users are being urged to ensure their routers are adequately protected after experts revealed a tenfold spike in brute force log-in attempts.

Trend Micro’s latest research, Worm War: The Botnet Battle for IoT Territory, describes a threat landscape in which rival cyber-criminals are competing against each other in a race to compromise as many devices as possible, to conscript into botnets.

The vendor claimed that automated log-in attempts against routers rose from 23 million in September to nearly 249 million attempts in December 2019. As recently as March this year, it detected almost 194 million brute force logins.

The report also revealed an uptick in routers attempting to open telnet sessions with other devices. As telnet is unencrypted it’s a favorite way for hackers or their botnets to sniff user credentials and therefore infect more routers or IoT devices.

Nearly 16,000 devices attempted to open telnet sessions with other IoT devices in a single week in mid-March, according to Trend Micro data.

The report warned that these mass compromises could cause serious disruption for home networks at a time when many global users are being forced to work and study from home.

Aside from performance issues, if a compromised router subsequently carries out cyber-attacks as part of a botnet, its associated IP address could end up being blacklisted, cutting off users from their corporate network and other key parts of the internet.

The “worm wars” described by Trend Micro also have a wider impact on the security of the connected world, according to principal security strategist, Bharat Mistry.

“Home routers and consumer grade IoT devices continue to be easy pickings for hackers. The potential for mass scale and geographic distribution of compromised devices allows cyber-criminals to create powerful botnets that can cripple victim organizations,” he told Infosecurity.

“Compromised devices are the foot soldiers for lucrative attack campaigns and have sparked a war between cyber-criminals competing to take over as many routers as they can.”

Botnets are typically used in DDoS campaigns or rented out by cyber-criminals for other purposes such as to obfuscate the location of attackers.

The report urged home users to use a strong router password and stay on the latest firmware version, alongside log monitoring and other measures.

What’s Hot on Infosecurity Magazine?