Gayfemboy 0-Day Router Attacks Ongoing—What You Need To Know – Forbes
Hot on the heels of an IBM X-Force threat intelligence report warning that enterprise networks were in the perfect position to be compromised because 86% of router admin credentials had never been changed, another dangerous router-based attack has now been confirmed by XLab threat analysts. Here’s everything you need to know about the Gayfemboy botnet.

A newly published threat analysis by XLab security researchers Wang Hao, Alex Turing and Acey9 confirms that the Gayfemboy botnet is rapidly evolving into a large-scale distributed denial of service attack network by exploiting zero-day vulnerabilities in industrial routers.

Although first observed early last year, the Gayfemboy botnet has not only remained active ever since but has grown exponentially. This is primarily because the criminal developers behind it were “unwilling to remain mediocre,” the report said; instead, they launched “an aggressive iterative development journey,” one that has involved hunting down and weaponizing zero-day exploits in order to expand both the threat surface and the scale of the attacks.

It was the discovery of zero-day vulnerabilities being exploited in industrial routers, alongside previously unknown vulnerabilities in some smart home devices, that prompted the XLab researchers to conduct their in-depth analysis of the Gayfemboy threat.

The researchers said they registered a number of the botnet’s command and control domains in order to observe devices infected by Gayfemboy, revealing more than 40 grouping categories and 15,000 active nodes daily. “When it detected our registration of its domains,” the researchers said, Gayfemboy immediately retaliated “with a DDoS attack,” which they described as an act of notable hostility. XLab is not, of course, alone in being attacked.
Gayfemboy targets hundreds of victims every single day, the researchers said, spread across the globe and across industries with equal intensity. To date, most targets have been located in China, the U.S., Germany, the U.K. and Singapore.

“Organizations and individuals should develop comprehensive defense strategies at various levels to mitigate the risks of DDoS attacks and enhance the overall resilience of their systems,” the researchers concluded. When it comes to router vulnerabilities, the mitigation is as critical as it is obvious: keep router firmware updated so that newly discovered and patched vulnerabilities are closed, make sure the device is not still running with its factory admin credentials and, where possible, do not expose the admin interface to the internet. Zero-day vulnerabilities are, by definition, harder to mitigate because no patch yet exists for them, but these basic measures remove the easiest footholds and limit the potential exposure as much as possible.