Nearly a million users across Europe were thrown off the internet during the weekend into Monday after criminals tried to hijack home routers as part of a coordinated cyber attack.
Security researchers said that routers given to customers in Germany by their internet providers were at risk of attack from the notorious Mirai malware, most notable for its large-scale botnet that brought parts of the internet offline on the US east coast last month.
Mirai, if used to attack specific targets, can bring down websites, services, or even internet infrastructure, which can mean widescale outages.
The routers, most of which were made by Zyxel and Speedport, had port 7547 open, typically used by internet providers to remotely manage and maintain in case of outage or issue.
The exploit code used to attack the routers is believed to be derived from a modified version of Mirai, which instead of commandeering vast numbers of internet-connected surveillance cameras was used in a botched attempt to hijack home routers. According to the SANS Internet Storm Center, which was first to report the issue, honeypots pretending to be affected routers are receiving exploit orders as quickly as once every five minutes.
there are more than 41 million devices on the searchable internet with port 7547 open.
But instead of diverting those routers’ internet traffic to the criminals’ intended target to bring websites or services offline, the routers crashed.