Specialists at the computer security firm Incapsula found a large botnet consisting of 40 thousand devices running Linux. The investigation revealed that these devices are home and office Wi-Fi routers.
Infection of the Wi-Fi routers became possible thanks to the carelessness of their owners, who did not bother to change the factory default administrative password (admin, password, etc.). The attackers scanned ranges of IP addresses, identified these devices and tried to log in with default passwords. If the login was successful, the device's firmware was modified and the device became part of the botnet.
The network of infected devices was then used to conduct DDoS attacks, surveil corporate traffic, access security cameras and search for other devices to infect.
Specific models and brands of routers are not named, but it is reported that most of the devices in the botnet are products of the company Ubiquiti.
To keep your router from being taken over, experts recommend:
- change the factory default password;
- disable remote administration via the web.