Routers belonging to thousands of homes, universities and businesses could have been used to run LizardStresser DDoS attack service
Notorious hacking group Lizard Squad has apparently been using unsecured home internet routers to power its LizardStresser service, new research has discovered.
LizardStresser, which offers paying customers the chance to take down websites using DDoS (Distributed Denial of Service) attacks, was reportedly run by the group as part of a widespread ‘marketing campaign’ for Lizard Squad.
Hackers were easily able to gain access to thousands of routers in homes, universities and businesses due to users not changing their factory passwords, instead relying on combinations such as ‘admin/admin,’ or ‘root/12345’.
The hack affected routers across the globe, with internet users now being urged to change the default credentials on their home router – including the user name and password – and to encrypt the connection if they are using a wireless router.
The information was uncovered by noted security blogger Brian Krebs on his KrebsOnSecurity site, which worked with a group of researchers associated with law enforcement officials and ISPs to help take infected systems offline, and thus disrupt the LizardStresser botnet.
Lizard Squad, which was behind the attacks on Sony’s PlayStation Network and Microsoft’s Xbox Live servers over the Christmas period, charged customers anywhere between $6 and $500 to use the service depending on the scale of the target.
KrebsOnSecurity was one of the first sites taken down in 2015 by a series of “large and sustained” DDoS attacks, one of 17,439 attacks or boots run by LizardStresser to date.
According to Krebs, the malware used by Lizard Squad to build its network of “stresser bots” has been online since early 2014, and can affect commercial routers at universities and companies as well as homes.
“In addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as ‘admin/admin,’ or ‘root/12345’,” wrote Krebs.
“In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.”
Poor Wi-Fi routers
The news follows a similar warning last December from antivirus provider Avast, which said that the security of home routers is often shockingly behind modern standards.
Speaking to TechWeekEurope, company COO Ondrej Vlcek said that Wi-Fi routers were facing a range of attacks as hackers look to go after smaller targets, with recent research carried out by Avast finding that nearly three out of four internet-connected households in the UK were at risk of being attacked through their wireless router.
Commenting on the latest attack, Vlcek said Lizard Squad’s use of hundreds of thousands of home routers to power their service proves how vulnerable home routers currently are and to what extent they can be abused.
“The target is not the routers themselves, they are simply used as a means to reach the ultimate target. We have identified critical vulnerabilities in many of the world’s most used routers and it’s frightening to think that hackers have access to an army of routers spread all over the world that they can take control of via botnets to launch massive DDOS attacks against major sites. This is just the beginning of router hacking and it is therefore vital that people properly protect themselves.”