Botnet Hijacking of Home Routers Spells DDoS Trouble


Trend Micro, a cybersecurity solution provider, recently released a troubling research report about a major new wave of attacks attempting to compromise consumer home routers for use in IoT botnets. In particular, the report cites three bot codebases that are most often used, and most powerful: Kaiten, Qbot, and Mirai. Botnets are increasingly used to launch Distributed Denial of Service (DDoS) attacks, but they are also used to facilitate click fraud, data theft and other such attacks.

The Trend Micro press release states: “…research revealed an increase from October 2019 onwards in brute force log-in attempts against routers, in which attackers use automated software to try common password combinations. The number of attempts increased nearly tenfold, from around 23 million in September to nearly 249 million attempts in December 2019. As recently as March 2020, Trend Micro recorded almost 194 million brute force logins.”

194 million brute force logins, in March 2020; let that number sink in. A nearly 10x increase signals trouble on the horizon. As DDoS-for-hire services compete with each other to build bigger and bigger botnets they are evermore rapacious to subsume all the IoT devices they can find that still have default passwords or weak login credentials.

Consumer IoT devices are often hacked to be recruited into zombie botnets because they are easy prey; after all, most consumers aren’t as tech-savvy as IT professionals, and they don’t hear, or comprehend, the many warnings about botnets. And, let’s face it, most of them don’t report to an employer/boss who will hold them accountable, if their devices do get hacked. Consumers are seldom the object of DDoS attacks; nonetheless, they have two good reasons to protect their devices: 1) When their routers, or other smart devices, are hijacked into a botnet, they suffer from slower performance or even a complete failure to perform their intended functions; and 2) Ultimately, it’s the morally right thing to do, as a good citizen. With this in mind, there are three steps home users can try, to improve their resilience to the growing army of bot herders; 1) change their passwords to something other than the default; 2) apply the most secure configuration possible, and 3) apply security updates and patches as soon as they are released.

This year has already seen a couple of well publicized high-volume, high-profile, record-breaking DDoS attacks that, fortunately for the targets, were thwarted. The ability of botnets to generate such attacks, and larger ones in the future, is beyond doubt. However, most DDoS attacks are nowhere near so large, or prominent.  In fact, like most cybercrime today, the perpetrators aim to make their attacks fly under the radar of the very protection put in place to stop them. For those criminals looking to make money from DDoS, the race to build bigger botnets is more about how many damaging paid-for attacks they can launch at the same time, than the biggest attack they can generate, with DDoS for hire services now attracting good returns. This is why any organization which is striving for high levels of uptime and business continuity should now be ensuring they are protected by always-on automated DDoS mitigation technology.

For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s diverse deployment models, click here.  If you’d like to learn more, please contact us.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry, to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.