"Researchers Discover 40,000-Strong EOL Router, IoT Botnet"

Security researchers at Lumen Technologies recently discovered a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities.  According to the researchers, a notorious cybercriminal group has been running a multi-year campaign targeting end-of-life small home/small office (SOHO) routers and IoT devices worldwide.  The router botnet, first seen in 2014, has been operating quietly while growing to more than 40,000 bots from 88 countries in January and February 2024.  The researchers noted that the majority of these bots are used as the foundation of a notorious, cybercriminal-focused proxy service, known as Faceless.  The researchers said that the SOHO/IoT based activity cluster was observed communicating with tens of thousands of distinct IP addresses per week.  Security researchers are recommending that corporate network defenders look for attacks on weak credentials and suspicious login attempts, even when they originate from residential IP addresses which bypass geofencing and ASN based blocking.  The researchers noted that security practitioners should also protect cloud assets from communicating with bots that are attempting to perform password-spraying attacks and begin blocking IoCs with Web Application Firewalls. 

SecurityWeek reports: "Researchers Discover 40,000-Strong EOL Router, IoT Botnet"