• Gafgyt IoT Malware Targets Old Routers for Botnet Army

    Home » Forums » AskWoody support » Connected home / Internet of things » Connected home / Internet of things – Misc » Gafgyt IoT Malware Targets Old Routers for Botnet Army

    Author
    Topic
    #1996914

    This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army
    Gafgyt has been updated with new capabilities, and it spreads by killing rival malware.

    By Danny Palmer | October 31, 2019

     
    Tens of thousands of Wi-Fi routers are potentially vulnerable to an updated form of malware that takes advantage of known vulnerabilities to rope these devices into a botnet for the purposes of selling distributed denial of service (DDoS) attack capabilities to cyber criminals.

    A new variant of Gafgyt malware – which first emerged in 2014 – targets small office and home routers from well-known brands, gaining access to the devices via known vulnerabilities.

    The routers being targeted by the new version of Gafgyt are all old – some have been on the market for more than five years. Researchers recommend upgrading your router to a newer model and that you should regularly apply software updates to ensure the device is as protected as possible against attacks.

     
    Read the full article here

    4 users thanked author for this post.
    Viewing 5 reply threads
    Author
    Replies
    • #1996985

      Any recommendations for buying new browsers and, if possible, which brands and models, given this unsavory news?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #1997014

      Maybe one that has OpenWRT (now LEDE) or DD-wrt support where stuff gets updated after the manufacturer has long abandoned their product.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      1 user thanked author for this post.
    • #1997040

      I noticed in the article that my old router (at least 13 yrs. old) wasn’t mentioned as being a target “yet”. I’ve looked at newer routers and they all seem to have the interface in the cloud instead of locally and I do not want to be in the cloud with my router access. Are there any decent routers that give local access (some ASUS routers do but they are older models not sure about the newer ones)??

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      • #1997079

        I just posted a side comment on the IoT privacy thread Oscar started that I happened to find a deal on a new router.  For $31 (free shipping) on closeout at Best Buy, it has gigabit ethernet and dual-stream dual-band AC, and even though my existing (dual band, dual-stream N) router works fine, I couldn’t pass that up. DD-WRT has a firmware build for this model too, which is what I had been using on my old router.  It’s a decent upgrade (300 Mbps to 867 Mbps wireless speed) on the wireless end, and all of my main laptops are capable of using that 867 Mbps speed.  My desktop uses wired ethernet.

        The point of mentioning it in that other thread was to criticize and poke a little fun at its description as a “Smart wifi” router, as routers are actually SoC computers that are already pretty “smart.”  “Smart” things are devices that usually don’t have (much) computing power, but now they do.  Something that was already a computer doesn’t count!  Making it interface with a mobile app that can control it “from anywhere in the world” doesn’t make it any smarter, but it does make it more vulnerable.

        Fortunately, the ability only works if you create a Linksys account and log into that from your mobile device and your router.  The service to operate this bad idea, as I understand, doesn’t even start until it’s initiated from the router locally.  It’s a monumentally bad idea, but you don’t have to use it.  And if there’s concern over the mere existence of the feature, even if it is disabled, there’s the DD-WRT firmware, and there may be others too.  I’ll probably switch to DD-WRT before the router reaches the point where its manufacturer forgets about it and does not offer any more updates.

        Other than that silly feature, it seems like a pretty decent router so far.  It’s really cheap, too, and it has a gigabit switch, which I learned is rare in lower priced routers.  They have faster wifi speeds than the ethernet switch!  That’s just… wrong.  How useful is a high speed wireless connection for most people if their internet (and the connection to any wired PC, like NAS would be) is stuck at 100 Mbit?  Who wants that?

        Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
        XPG Xenia 15, i7-9750H/32GB & GTX1660ti, KDE Neon
        Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11)

        2 users thanked author for this post.
      • #1997736

        Just to add to my original post, I have always stuck with this old router because the latest & greatest routers are advertising high speeds and this router works great after all these years BUT I’m in a rural area with wireless and the top speed I can get on a good day is 15 Mbps so a fast router is a bit of overkill for me. However there would be security concerns with the old router since the last firmware update was quite a few years ago.

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

        • This reply was modified 4 years, 4 months ago by CADesertRat.
        1 user thanked author for this post.
        • #1997758

          The Internet speed you get is probably limited by your ISP connection (WAN). Where a fast router is beneficial is on your local network (LAN). If you transfer data between you computers you take advantage of the fast connections.

          1 user thanked author for this post.
          • #1997771

            The Internet speed you get is probably limited by your ISP connection (WAN). Where a fast router is beneficial is on your local network (LAN). If you transfer data between you computers you take advantage of the fast connections.

            Yes, the ISP is the limitation for Internet and my LAN seems pretty darn fast as is even with this old router. Of course that could be because I’m used to the LAN speeds LOL. 🙂

            Don't take yourself so seriously, no one else does 🙂
            All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

            • #1997993

              If you have a gigabit switch in your old router, that will be far faster than any wifi that existed 15 years ago.  I don’t know exactly when gigabit became common/affordable, but my 10 year old Netgear WNDR3700 router has one.

              I really didn’t need the new router, as I used wired ethernet for all of my heavy duty file transfer needs (the Acer Swift uses a USB3-to-ethernet adapter, as it has no ethernet port), but it’s still nice to be able to get decent speeds while not wired (like if one of the laptops is in use in another part of the house, where there are no ethernet cords handy).

              As for my internet… 10/100 would be more than enough to keep it from bottlenecking at the LAN.

              Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
              XPG Xenia 15, i7-9750H/32GB & GTX1660ti, KDE Neon
              Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11)

        • #1997805

          However there would be security concerns with the old router since the last firmware update was quite a few years ago.

          I was thinking the same, after reading about this new attack on routers, it’s my honest opinion it might be wise to upgrade. My ISP is a stickler for using products “approved” for use on their end, and we recently switched out from the old to a router that uses WPA2 and better services on the whole. However, it no longer receives updates and we’re a little concerned with this new threat. The newer model has been working flawlessly with no dropped connections, but … it’s old with no support in the way of updates, etc. Again, out with the old just to keep up with the every changing world of insecurities.

          MacOS, iOS, iPadOS, and SOS at times.

      • #2003700

        Yes, Asus still offers a web interface. Netgear and Synology too. So does my favorite company, Peplink. Here is a writeup on their cheapest router, the Surf SOHO

        https://www.routersecurity.org/pepwavesurfsofo.php

        It is also getting harder and harder to find a router company that does not spy on you. Peplink is great in this regard too.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        4 users thanked author for this post.
        • #2003715

          Yes, Asus still offers a web interface. Netgear and Synology too. So does my favorite company, Peplink. Here is a writeup on their cheapest router, the Surf SOHO https://www.routersecurity.org/pepwavesurfsofo.php It is also getting harder and harder to find a router company that does not spy on you. Peplink is great in this regard too.

          That’s quite a write-up on Peplink but it’s a bit above my paygrade being retired and all but good info none the less. Thanks

          Don't take yourself so seriously, no one else does 🙂
          All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #1997700

      Cloud is an option that can usually be avoided, some netgears have this feature, I am forgetting what I did to get around that.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2003411

      If you’ve turned off remote admin access and set a decent admin password there should be no problem with your router being hacked.

      cheers, Paul

      I have an older, way past 5 years old, Netgear N300 WiFi router with WPA2 that has performed flawlessly. However, there has not been a vendor update for that version in many years, although newer models have been released.

      I have disabled remote management access, and I hope that is enough.

      Windows 10 Pro 22H2

      • #2003701

        See the home page of RouterSecurity.org for some tweaks to improve the security of any router. Running a router with unsupported firmware is no different than running Windows XP. Perhaps even more dangerous.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        5 users thanked author for this post.
        • #2003719

          Thanks for that link! The site has some great information in one place!

          After reviewing the checklists, I believe that I am in good shape as far as securing my router. I had already employed all of the suggestions made. Locked down!

          My earlier query was mostly a curiosity about the true risk of running older routers. My router firmware is almost 2.5 years old, so I searched my router vendor for security bulletins on my model and nothing matched.

          I am particularly happy to see the Router Security site recommend using separate private and guest Wi-Fi networks with isolation for the guest network. When isolating the guest network, devices using that can only see the internet, but none of the other local network devices on the private network.

          All of my mobile devices are restricted to use the guest network only, so even if they are compromised when I am out and about, they cannot communicate with other devices on my private network when I connect them at home.

          Windows 10 Pro 22H2

          • #2004293

            If your router is a consumer device it may have been abandoned. No firmware update for 2.5 years seems like it is the end of the line. Your vendor may have a list of EoL devices. Worth checking.  If you are comfortable still using Windows XP, then keep using the router.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

    • #2003667

      I would also make sure UPnP is disabled

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      1 user thanked author for this post.
      • #2003698

        Yup, that’s the first thing that I disabled way back when I bought the router!

        Cheers! 🙂

        Windows 10 Pro 22H2

        1 user thanked author for this post.
    Viewing 5 reply threads
    Reply To: Gafgyt IoT Malware Targets Old Routers for Botnet Army

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: