Botnet Struck U.S. Routers; Here's How to Keep Employees Safe

State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31.
Most of the affected routers were manufactured by Cisco and Netgear and had reached end-of-life status.
Department of Justice investigators said on Jan. 31, 2024, that the malware has been deleted from affected routers.
The investigators also cut the routers off from other devices used in the botnet.
IT teams need to know how to reduce cybersecurity risks that could stem from remote workers using outdated technology.
The cybersecurity threat in this case is a botnet created by Volt Typhoon, a group of attackers sponsored by the Chinese government.
Starting in May 2023, the FBI looked into a cyberattack campaign against critical infrastructure organizations.
The FBI is contacting anyone whose equipment was affected by this specific attack.
It hasn't been confirmed whether employees of a particular organization were targeted.
How to reduce cybersecurity risks from botnets for remote workers
The fact that the targeted routers are privately owned highlights a security risk for IT pros trying to keep remote workers safe.
Because IT team members do not oversee the routers used at home, it is difficult to know whether employees may be using old or even end-of-life routers.
Botnets are often used to launch distributed denial of service attacks or to distribute malware, so defenses against those are important components of a complete defense against botnets.
Botnets are typically led by a centralized command and control server.
Software and hardware should be kept up to date, since end-of-life devices are particularly vulnerable.
In order to harden devices against being used in botnet attacks, run regular security scans, institute multifactor authentication and keep employees informed about cybersecurity best practices.


This Cyber News was published on www.techrepublic.com. Publication date: Fri, 02 Feb 2024 21:13:03 +0000

