In this week's Technology Today, we discuss TheMoon botnet, which sneaks its way in through a zero-day vulnerability in GPON WiFi routers. Beware!
This is not the first warning against DASAN GPON WiFi routers; however, some people still have them connected to the internet! If so, remove them ASAP! Why? Well, security researchers from Qihoo 360 Netlab verified that TheMoon is mining data via an undisclosed zero-day vulnerability, which ultimately allows the attacker to take full control of the device remotely. Netlab determined this after conducting two tests on versions of GPON home routers. We are still awaiting new info on how to avoid attacks via the zero-day vulnerability, as it has yet to be released.
HOW DID IT COME TO BE?
IS THEMOON THE ONLY THREAT?
Unfortunately, TheMoon botnet is not the only threat targeting GPON routers. The botnets below are also attacking these routers, and you need to be on the lookout for them.
- Attackers have been using an open-sourced Mettle attack module to embed malware on vulnerable routers.
- Discovered last week while it was exploiting a critical Drupal flaw. The latest update has been programmed to exploit GPON vulnerabilities, in addition to DD-WRT and JBoss.
Mirai (NEW Variants)
- The GPON exploit has also been mixed into new strains of the Mirai botnet. This botnet first emerged in 2016, when it was used to launch record-breaking DDoS attacks.
- Has been found exploiting GPON via its code to target home routers.
- Added GPON to its latest variant.
Until next time, Techies!