TalkTalk and Post Office broadband customers hit by cyber attack

500,000 routers go offline as Mirai strikes again

Hacker overlooking a city

Broadband customers of TalkTalk and the Post Office have been hit by a cyber attack that has left them with no internet connection. The incident happened after a similar attack on routers belonging to customers of Deutsche Telekom.

Interruptions of service had been reported since Sunday and have affected up to 360,000 TalkTalk customers and 100,000 Post Office users.

The attack is said to involve a variant of the Mirai worm. Several routers have been affected by the malware, including Zyxel AMG1302, which is used by the Post Office and D-Link DSL-3780 the latter in use by TalkTalk.

In a statement to the media, a spokesperson for the Post Office said: "We would like to reassure customers that no personal data or devices have been compromised.

"We have identified the source of the problem and implemented a resolution which is currently being rolled out to all customers. For those customers who are still having problems, we are advising them to reboot their router."

A spokesperson for TalkTalk said in a press statement that: "Along with other ISPs in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm.

"A small number of customer routers have been affected, and we have deployed additional network-level controls to further protect our customers."

Earlier this week, Germany's Deutsche Telekom confirmed that up to 900,000 of its customers had lost internet access because of the Mirai worm. No one has claimed responsibility for the attack.

Andy Green, senior technical specialist at Varonis, told IT Pro that lessons that should be learned from these ongoing Mirai attacks are just how "vulnerable we were as a result of our own IT laziness".

"Sure, we can excuse harried consumers for treating their home routers and IoT gadgetry like toasters and other kitchen appliances just plug it in and forget about it. So, what excuse do professional IT types have for this rookie-level behaviour? Not much!" he said.

Jean-Philippe Taggart, senior security researcher at Malwarebytes, told IT Pro that the leaked Mirai code, poorly secured remote administration on IoT devices, coupled with the recent availability of a Metasploit module to automate such attacks make for an ideal botnet recruitment campaign.

"So far, it seems the infection does not survive a reboot, but the malicious actors tend to disable access to the remote administration as part of the infection. This prevents the ISP from applying an update that would solve these issues. The botnet gains a longer life as user seldom reboot their routers unless they're experiencing a problem," he said.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021