Botherders are now leveraging vulnerabilities in Dasan GPON routers that was discovered earlier this week and published by an anonymous researcher on the VPNMentor blog. Attacks have been already been recorded by Netlabs. Sean Newman, Director of Product Management at Corero Network Security commented below.
Sean Newman, Director of Product Management at Corero Network Security:
“If the reports are verified, these Dasan GPON Routers join the escalating category of botnet-vulnerable IoT devices, and they underscore the growing risk of very large botnet-based DDoS attacks. This class of routers are typically connected directly to high-speed broadband Internet connections. Once compromised, these devices could be covertly “herded” by a bot master to form a botnet large enough to generate high-impact DDoS attacks against victims around the world.These routers will likely remain vulnerable until patches are available and applied. The challenge is that manufacturers often just move on to developing new router models, instead of updating older ones. Additionally, users of the routers may not know how to upgrade them, even if a patch is released, or may not actually be able update them, as the Service Providers which provide them often lock down that part of the user interface. In this case, it would be reliant on the service provider themselves to do it, which would take a herculean effort. In the face of this new attack risk, the best step that organizations can take, is to employ the latest generation of always-on, automatic DDoSprotection solutions which can detect and mitigate these DDoS attacks in seconds.”