TalkTalk and Post Office broadband customers hit by cyber attack

500,000 routers go offline as Mirai strikes again

Broadband customers of TalkTalk and the Post Office have been hit by a cyber attack that has left them with no internet connection. The incident happened after a similar attack on routers belonging to customers of Deutsche Telekom.

Interruptions of service had been reported since Sunday and have affected up to 360,000 TalkTalk customers and 100,000 Post Office users.

Advertisement - Article continues below

The attack is said to involve a variant of the Mirai worm. Several routers have been affected by the malware, including Zyxel AMG1302, which is used by the Post Office and D-Link DSL-3780 the latter in use by TalkTalk.

In a statement to the media, a spokesperson for the Post Office said: "We would like to reassure customers that no personal data or devices have been compromised.

"We have identified the source of the problem and implemented a resolution which is currently being rolled out to all customers. For those customers who are still having problems, we are advising them to reboot their router."

A spokesperson for TalkTalk said in a press statement that: "Along with other ISPs in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm.

"A small number of customer routers have been affected, and we have deployed additional network-level controls to further protect our customers."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Earlier this week, Germany's Deutsche Telekom confirmed that up to 900,000 of its customers had lost internet access because of the Mirai worm. No one has claimed responsibility for the attack.

Andy Green, senior technical specialist at Varonis, told IT Pro that lessons that should be learned from these ongoing Mirai attacks are just how "vulnerable we were as a result of our own IT laziness".

"Sure, we can excuse harried consumers for treating their home routers and IoT gadgetry like toasters and other kitchen appliances just plug it in and forget about it. So, what excuse do professional IT types have for this rookie-level behaviour? Not much!" he said.

Jean-Philippe Taggart, senior security researcher at Malwarebytes, told IT Pro that the leaked Mirai code, poorly secured remote administration on IoT devices, coupled with the recent availability of a Metasploit module to automate such attacks make for an ideal botnet recruitment campaign.

Advertisement - Article continues below

"So far, it seems the infection does not survive a reboot, but the malicious actors tend to disable access to the remote administration as part of the infection. This prevents the ISP from applying an update that would solve these issues. The botnet gains a longer life as user seldom reboot their routers unless they're experiencing a problem," he said.

Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020