Home & small office wireless routers exploited to attack gaming servers, according to research from Unit 42 (the Palo Alto Networks threat intelligence team), which discovered that an updated Gafgyt variant attempting to infect IoT devices, specifically small office/home wireless routers of known commercial brands. More than 32,000 WiFi routers are potentially vulnerable to these exploits around the world.
Palo Alto Networks’ recent acquisition of Zingbox allowed Unit 42 to gain further visibility into the IoT security threat landscape and make this discovery.
Key findings of the research include:
● More than 32,000 WiFi routers are potentially vulnerable: Unit 42 found updated Gafgyt samples using exploits that abuse known vulnerabilities (some of which are more than 5 years old) in IoT devices around the world, specifically small office/home wireless routers of known commercial brands like Zyxel, Huawei and Realtek.
● This variant competes against similar botnets sold on Instagram: This malware sample contained Instagram usernames related to people selling “Botnet-as-a-Service” in a price range of $8 to $150 USD. However, Gafgyt is not being sold on Instagram.
● This malware targets gamers: The compromised routers are being used to target various gaming servers, most notable those running the Valve Source that runs popular games like Half-Life and Team Fortress 2 among others.
● Gafgyt is indicative of a broader threat landscape: Palo Alto Networks research finds 41% of general IoT devices continue to use default passwords, and 98% of all IoT device traffic remains unencrypted.