posted by cmn32480 on Saturday November 02 2019, @11:29AM
from the why-we-can't-have-nice-things dept.

Servers hosting Valve Source Engine and popular games like Fortnite are targeted by a new variant of the Gafgyt botnet.

A new Gafgyt variant is adding vulnerable internet of things (IoT) devices to its botnet arsenal and using them to cripple gaming servers worldwide.

The newly discovered variant is capable of launching a variety of denial-of-service (DoS) attacks against the Valve Source Engine, a video game engine developed by Valve Corp. that runs popular games such as Half-Life and Team Fortress 2. Other gaming servers have also been targeted by the botnet, including those hosting widely played games such as Fortnite, researchers warn.

“This Gafgyt variant is a competing botnet to the JenX botnet, which also uses remote code-execution exploits to gain access and recruit routers into botnets to attack gaming servers – most notably those running the Valve Source Engine – and cause a denial-of-service,” said researchers with Palo Alto Networks’ Unit 42 research team, in an analysis released Thursday. “This variant also competes against similar botnets, which we have found are frequently sold on Instagram.”

Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. The newest Gafgyt variant targets two of the same small-office router remote-code-execution flaws as its predecessor, JenX, which was disclosed in 2018.

The two previously targeted flaws are CVE-2017-17215 (in the Huawei HG532) and CVE-2014-8361 (in the Realtek RTL81XX chipset). The newest variant also targets a third vulnerability, CVE-2017-18368, a remote command-injection bug in Zyxel P660HN wireless routers: the Zyxel P660HN-T1A (distributed by TrueOnline) has a command-injection vulnerability in its remote system log forwarding function, which can be reached by an unauthenticated user, researchers said.

According to Shodan, there are more than 32,000 Wi-Fi routers worldwide that are vulnerable to these three flaws.

  • (Score: 2) by jasassin (3566) on Saturday November 02 2019, @04:55PM (#915058)

    The only way a router should be able to be hacked is if remote administration is enabled. Any other hack is inexcusable. If a router is hackable without remote access enabled I would never trust that company again.

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
  • (Score: 5, Interesting) by ledow (5567) on Saturday November 02 2019, @06:36PM (#915074)

    Look up TR-069 - ISPs have a protocol to explicitly remotely control your router for you.

    This is one of the reasons that you should always put a router behind your ISP router, that firewalls you off from them. Their supplied routers literally have the run of your local network and wireless while simultaneously they have administrative rights on them without your knowledge.

    You always have to assume traffic is hostile, whatever, but stop giving them a device on your local network masquerading as a firewall against everyone when really it's just a firewall against everyone but the ISP.
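
    One way to build the inner router ledow describes, as an added nftables ruleset that is not part of the original post: the ISP-router side may only answer sessions the LAN started, and attempts from that side at the admin UI, remote shells or the TR-069 connection-request port (TCP 7547 by CWMP convention) are dropped with counters so they stay visible. The interface names eth0/br0 and the 192.168.10.0/24 prefix are assumptions.

```nft
# Inner router: $WAN faces the ISP-supplied router, $LAN is the trusted home network.
# Interface names and the LAN prefix are assumptions; adjust to your hardware.
flush ruleset
define WAN = "eth0"
define LAN = "br0"
define LAN_NET = 192.168.10.0/24

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Hosts on the trusted LAN may use this router's own services (DHCP, DNS, admin UI).
        iif $LAN ip saddr $LAN_NET accept
        # From the ISP-router side, explicitly drop and count attempts at the admin UI,
        # remote shells and the TR-069 connection-request port (TCP 7547 by CWMP
        # convention). The chain policy would drop them anyway; the counters make
        # probes from the ISP side visible in `nft list ruleset`.
        iif $WAN tcp dport { 22, 23, 80, 443, 7547 } counter drop

        # The only unsolicited WAN traffic we need: DHCP replies from the ISP router
        # and rate-limited pings for diagnostics.
        iif $WAN udp sport 67 udp dport 68 accept
        iif $WAN icmp type echo-request limit rate 5/second accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # LAN hosts may start sessions outward; nothing from the ISP side may start
        # a session into the LAN, so the ISP router never sees LAN hosts unprompted.
        iif $LAN oif $WAN ip saddr $LAN_NET accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        # Hide the LAN behind this router's WAN address.
        oif $WAN ip saddr $LAN_NET masquerade
    }
}
```

    This ruleset is IPv4-only; if the ISP router also hands out IPv6, add accepts for ICMPv6 neighbour discovery and router advertisements on $WAN before relying on it.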

    • (Score: 2) by jasassin (3566) on Saturday November 02 2019, @07:18PM (#915089)

      Their supplied routers literally have the run of your local network and wireless while simultaneously they have administrative rights on them without your knowledge.

      Thankfully I have the cable modem I bought from my ISP, but I have my own router, which I have checked the CVEs for any exploits (none found for my model).

      I sure wouldn't trust an ISP cable modem/router.

      --
      jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A