Privacy News Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

[Solarquest]

Now ZyXEL and D-Link routers from Post Office and TalkTalk under siege

Analysis The Mirai botnet has struck again, with hundreds of thousands of TalkTalk and Post Office broadband customers affected. The two ISPs join a growing casualty list from a wave of assaults that have also affected customers at Deutsche Telekom, KCOM and Irish telco Eir over the last two weeks or so.

Problems at the Post Office began on Sunday, while TalkTalk was hit yesterday; collectively this has affected hundreds of thousands of surfers. Similar attacks against thousands of KCOM broadband users around Hull that started about the same time targeted users of telco-supplied routers. Thousands of punters at the smaller ISP were left without a reliable internet connection as a result of the assault, which targeted routers from Taiwanese manufacturer ZyXEL.

KCOM told El Reg that Mirai was behind the assault on its broadband customers, adding that: "ZyXEL has developed a software update for the affected routers that will address the vulnerability." The timing and nature of this patch remains unclear.

ZyXEL told El Reg that the problem stemmed from malicious exploitation of the maintenance interface (port 7547) on its kit, which it was in the process of locking down.

With malicious practice in place, unauthorised users could access or alter the device's LAN configuration from the WAN-side using TR-064 protocol.

ZyXEL is aware of the issue and assures customers that we are handling the issue with top priority. We have conducted a thorough investigation and found that the root cause of this issue lies with one of our chipset providers, Econet, with chipsets RT63365 and MT7505 with SDK version #7.3.37.6 and #7.3.119.1 v002 respectively.

More: Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs