TalkTalk and Post Office broadband customers hit by cyber attack
500,000 routers go offline as Mirai strikes again
Broadband customers of TalkTalk and the Post Office have been hit by a cyber attack that has left them with no internet connection. The incident happened after a similar attack on routers belonging to customers of Deutsche Telekom.
Interruptions of service had been reported since Sunday and have affected up to 360,000 TalkTalk customers and 100,000 Post Office users.
The attack is said to involve a variant of the Mirai worm. Several routers have been affected by the malware, including Zyxel AMG1302, which is used by the Post Office and D-Link DSL-3780 the latter in use by TalkTalk.
In a statement to the media, a spokesperson for the Post Office said: "We would like to reassure customers that no personal data or devices have been compromised.
"We have identified the source of the problem and implemented a resolution which is currently being rolled out to all customers. For those customers who are still having problems, we are advising them to reboot their router."
A spokesperson for TalkTalk said in a press statement that: "Along with other ISPs in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm.
"A small number of customer routers have been affected, and we have deployed additional network-level controls to further protect our customers."
Earlier this week, Germany's Deutsche Telekom confirmed that up to 900,000 of its customers had lost internet access because of the Mirai worm. No one has claimed responsibility for the attack.
Andy Green, senior technical specialist at Varonis, told IT Pro that lessons that should be learned from these ongoing Mirai attacks are just how "vulnerable we were as a result of our own IT laziness".
"Sure, we can excuse harried consumers for treating their home routers and IoT gadgetry like toasters and other kitchen appliances just plug it in and forget about it. So, what excuse do professional IT types have for this rookie-level behaviour? Not much!" he said.
Jean-Philippe Taggart, senior security researcher at Malwarebytes, told IT Pro that the leaked Mirai code, poorly secured remote administration on IoT devices, coupled with the recent availability of a Metasploit module to automate such attacks make for an ideal botnet recruitment campaign.
"So far, it seems the infection does not survive a reboot, but the malicious actors tend to disable access to the remote administration as part of the infection. This prevents the ISP from applying an update that would solve these issues. The botnet gains a longer life as user seldom reboot their routers unless they're experiencing a problem," he said.