Security researchers have discovered that malware known as RouteX has infected Netgear routers and turned them into SOCKS proxies used for credential stuffing attacks. Michael Patterson, CEO at Plixer, commented below.
Michael Patterson, CEO at Plixer:
“Organizations that think ‘I’m not a target’ or ‘We don’t have any data that anyone wants’ should take notice. This is an example of a botnet using vulnerable Netgear routers to indiscriminately apply credential stuffing brute force tactics with stolen username and password credentials. When there is a successful login, the bad actor gains a foothold into the organization from which they can steal data or do damage. These small routers fall under the umbrella of the Internet of Things (IoT), and external LEDs on the devices or notifications would be helpful when they haven’t seen an update for a period of time. A hard stop – end of life (e.g. 3 years) on all IoT devices should also be considered. Every organization must understand that breaches are inevitable, and systems like network traffic analytics are required for effective incident response and the forensic data required to understand what happened.”