• Log in
  • About Us
  • Privacy Policy
  • Contact us
Telecoms IT - VanillaPlus
  • Home
  • News
  • Verticals
    • 4G
    • 5G News
    • Big data analytics
    • Bill & Charge
    • CEM
    • Companies
    • Digital transformation
    • Fraud prevention
    • Managed services
    • Network optimisation
    • NFV Hub
    • OSS
    • People
    • Policy
    • Revenue assurance
    • Revenue management
    • Service assurance
    • Service Provisioning
    • Test & measurement
  • Digital Edition
  • Events
    • Events diary
    • Webinars
  • Videos
  • VP Featured
    • Webinars
    • Podcast
    • Editorial advisory board
    • Expert opinions
    • Hot List
    • Operator View
    • Press releases
    • Reports & whitepapers
    • Special reports
    • Talking Heads
    • Troubleticket
    • Digital Talking Heads
  • Directory
  • Tech Trends
  • Subscribe

You are here:

  • Home
  • Companies
  • Deutsche Telekom sees 900,000 routers go offline after possible failure of cyberattack

Deutsche Telekom sees 900,000 routers go offline after possible failure of cyberattack

30 November, 2016 at 11:00 AM

Deutsche Telekom sees 900,000 routers go offline after possible failure of cyberattack
Stephen Gates, chief research intelligence analyst at
NSFOCUS

Almost 900,000 Deutsche Telekom customers were hit by network outages — an attack reportedly aimed at hijacking consumer routers, Reuters reported on Tuesday.

The attack, which began on Sunday and continued until Monday, left those affected without internet service over the weekend. According to Germany’s incumbent telco, this is the second such large-scale attack on the company’s internet-connected devices since late October.

Stephen Gates, chief research intelligence analyst at NSFOCUS, commented: “In many broadband networks, customer premise equipment (home/business routers) calls home to company headquarters to validate paying customers, and to periodically get configuration and software updates.

Take the systems offline that provide this service functionality to the routers, and the network can likely be impacted. Another possibility for the outage is that hackers uploaded malware to the update servers, and this malware was either pushed or pulled to thousands of routers. This is a perfect example of a denial of service outage that did not involve a targeted DDoS attack.

“Most people don’t know that all broadband service providers have ensured they have backdoors into ‘their’ customer-edge devices; which can be cable modems, DSL modems, routers, etc. The reason for this is simple.

It ensures people don’t get services for free, while at the same time allowing the provider access into the remote devices for troubleshooting, updating, billing, etc. This helps reduce truck rolls and the associated costs. In this case, it appears that hackers have figured out a way to capitalise on the backdoor, and cause a noteworthy denial of service outage.”

Synopsys's Mike Ahmadi, global director – Critical Systems Security

Synopsys’s Mike Ahmadi, global director, Critical Systems Security

Synopsys’s Mike Ahmadi, global director – Critical Systems Security, said: “While it is still unclear what caused this mass outage, it is important to note that massively scalable cybersecurity attacks, as evidenced by the recent Mirai Botnet attacks, are sure to be the new rage with the malicious hacker community. This is particularly alarming because our testing tools have been able to uncover literally thousands of scalable attacks on very commonly deployed networking equipment and IoT devices over the last several years.

On more than one occasion we have discovered malformed inputs directed at the broadcast address of networks which caused the firmware of particular devices to erase, all at once. It seems that simply finding a vulnerability is no longer all that interests the malicious hacker world, but finding and exploiting high impact vulnerabilities is very interesting. Unless developers and users implement more rigour into discovering and mitigating software vulnerabilities, scalable attacks will continue to grow.”

A similar view is taken by Alex Mathews, EMEA technical manager at Positive Technologies. He added, “The attack of this kind isn’t something new: This year we had multiple reports about thousands of infected routers used for DDoS botnets. We would even suspect that this German story is about ‘a broken botnet’. After all, hackers are not very interested in broken routers, they prefer to take control over working routers, and use them for other attacks. Perhaps, someone tried to build a Mirai-like botnet out of these infected routers in Germany but something went wrong and routers just went off.

Alex Mathews, EMEA technical manager at Positive Technologies

Alex Mathews, EMEA technical manager at Positive Technologies

“Whether this attack could have been prevented depends on what type of vulnerability was used to infect the routers. For example, Mirai botnet code wasn’t too serious: the malware was looking for gadgets with well-known default passwords (admin: admin, root: password, and so on). If people had just changed these default passwords, their routers wouldn’t have been infected.

On the other hand, the malware authors can use more serious, unknown vulnerability in routers’ firmware or in communication protocols. In this case, users hardly can do anything to protect themselves. Only serious security tests can detect such vulnerability. It should be done by service providers and by routers’ manufacturers… but unfortunately, they don’t do enough safety testing.”

Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus


category: Companies, Connected Devices, Devices and Modules, News, Security

Tags: Alex Mathews, broadband, cybersecurity, DDoS, Deutsche Telekom, DSL, IoT, Mike Ahmadi, Mirai Botnet, modems, NSFOCUS, password, Positive Technologies, Reuters, Stephen Gates, Synopsys, vulnerability

Tech Trends Vanillaplus
 

Tech Trends - How will you harness the power of the evolving edge?

It’s easy to look at the latest figures and deduce that the cloud era is over, and the edge is now dominating technology decisions but, to arrive at that conclusion, you have to decide what and where the edge is. That is still open to debate…

READ NOW

Comments are closed.

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • Subscribe
Relax time
Read the new novel by J.J. Cowan on Africa’s conflict minerals trade and forced labour. 5* Reviews on Amazon.co.uk Paperback & Kindle

Check out on Amazon

X

Be the first to know!

  • The top telecom IT news stories of the minute
    in your inbox
  • Exclusive offers for entry into hundreds of
    events worldwide
  • Free access to a huge selection of the latest
    analyst reports and whitepapers
Subscribe now so you don't miss out
Don’t show me this again
Please check your email
x
Vanillaplus - The Global Voice of Telecoms IT
The Global Voice of Telecoms IT

VanillaPlus is the world-leading resource covering digital transformation for the communications industry. VanillaPlus brings you exclusive News, Expert Views, and Event Reviews. See Interviews from CEOs, CTOs, and COOs who are successfully transforming their business today.

Connect

Facebook Twitter YouTube LinkedIn

NEWS

  • Latest Telecoms IT news

DIGITAL EDITION

  • Latest Editions

OTHER

  • Newsletters [Archive]

KNOWLEDGE CENTRE

  • Webinars
  • Special Reports
  • Talking Heads
  • Editorial Advisory Board

COMPANY

  • About
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

PARTNERS

  • IoT News

© 2014-2021 VanillaPlus - The global voice for telecoms IT. All rights reserved.