Date: 2017-04-25
US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com)
An anonymous reader writes from a report via Bleeping Computer: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices. "BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity." The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
Bricked or not? (Score:4, Insightful)
All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.
If the bricked devices were fixed, then they really were not bricked.
Companies deploy hardware without any upgrade plan (Score:3)
Liability (Score:3)
There are many things that are considered bad practice (or outright stupidity) that make it into the consumer market; these should be punished.
The lack of timely firmware updates (or even any updates) should be punished.
Hardcoded accounts/passwords should be punished.
Telnet/SSH access from the DSL side on by default should be punished.
Wireless not requiring a password (a complex one!) before the wireless can be enabled should be punished.
If manufacturers had to shell out $1000 per item for this sort of behaviour a lot would go to the wall, the others would clean up their act quickly.
And NO, manufacturers cannot opt-out/contract out of this (if they try, make it $5000 an item).
Sure, no software is perfect, but that's not the problem; it's that so much junk is put out there with no attempt to make it secure. The average home user cannot be expected to do this themselves.
