
IoT malware turf war takes out innocent ISP provider

An innocent ISP may have temporarily been taken out in the midst of a turf war over modems between two malware families.

The dispute likely caused an outage suffered by Californian ISP Sierra Tel on April 10 and caused customers to lose internet and telephone connectivity, according to Bleeping Computer.

The company admitted in an April 11 statement that it was the victim of a “malicious hacking event,” shutting down initial rumors that the outage was caused by a botched firmware update. The attack affected Zyxel HN-51 modems and left them unable to connect to the network.

Sierra Tel said in the release that the malware was launched simply to cause a disruption and that similar attacks have often but not always involved lone hackers and amateur troublemakers. It took the firm nearly two weeks to repair all of the modems affected in the attack, according to an April 21 Facebook post on the company's page.

While the exact cause of the outage is unclear, Janit0r, a man claiming to be the creator of BrickerBot, told Bleeping Computer that his malware, along with another malware family, may have caused the incident.

"BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told the publication, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity."

The hacker went on to suggest that Mirai was the other culprit responsible for infecting the modems, adding that his malware was designed to go after the same devices targeted by other IoT malware and that BrickerBot is designed to render targets useless, similar to the Sierra Tel devices, if it fails to secure its target.

It is also possible that other IoT malware families, such as Hajime, Wifatch, Gafgyt, Imeij and others, were involved. The alleged hacker came to the ISP's defense and applauded the firm for owning up to being hit with malware.
