Updated Gafgyt Malware Targets Wi-Fi Routers

A new variant of Gafgyt malware, which first emerged in 2014, is targeting small office and home routers from well-known brands, gaining access to the devices via known vulnerabilities. The new variant is directed at three wireless router models: the Huawei HG532, Realtek RTL81XX, and Zyxel P660HN-T1A. The primary purpose of Gafgyt is to launch Distributed Denial of Service (DDoS) attacks against targets. The motivations of the attackers who launch DDoS attacks vary widely. While some DDoS attacks are directed toward online gamers or individuals, recent reporting from several security companies that provide DDoS mitigation services, including Group-IB, Link11 and Radware, confirmed recent targeting of businesses in the financial sector. DDoS attacks against companies are often financially motivated and are accompanied by extortion demands for payment in return for stopping the attack. More information on this malware can be found here: https://www.zdnet.com/article/this-aggressive-iot-malware-is-forcing-wi-fi-routers-to-join-its-botnet-army/

Analyst Notes

The routers that Gafgyt targets are older versions, at least five years old. It is recommended to either upgrade to a newer model or establish a policy of installing the latest patches on a regular schedule. The more frequent the updates are, the better. Owners of these and all other routers are also advised to secure the device with strong, unguessable passwords.