
bLog Juga

A LAYPERSON'S BLOG That Talks About Small, Trivial & Worldly Matters Only


August 22, 2019

Aethra Botnet Attacks WordPress Sites




Exec summary: A botnet has been identified that is targeting WordPress websites with a password guessing attack. If you have Wordfence installed with our default settings, you are already protected against this attack. The botnet is powered by modem/router devices. ISPs are gradually patching the devices, but many remain vulnerable or infected because some ISPs are responding slowly to this issue.

In February of this year, a security researcher at Voidsec noticed brute force attacks on his personal WordPress site and saw a pattern in the IP addresses attacking it. They mostly belonged to Italian internet service providers. They were:

  • Fastweb
  • Albacom, now BT-Italia
  • Clouditalia
  • Qcom
  • WIND
  • BSI Assurance UK

What he discovered is that the IPs attacking his site were all devices. They were all Aethra modem/routers, to be exact. With some further sleuthing, he discovered that all the Aethra devices involved in the attack were using default login credentials (blank/blank).

The modems had obviously been hacked and the attacker had gained access through the default login. They had then installed malware on the modems that launched a brute force password guessing attack on WordPress sites.
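
The kind of source-address pattern described above can be surfaced from a web server access log. This is an added example, not code from the original article or from Wordfence. It assumes combined log format and the default WordPress login path `wp-login.php`, and it groups sources by /24 network as an offline stand-in for an ISP lookup; the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Combined log format: client, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def failed_logins(lines):
    """Count failed login POSTs per client IP.

    Assumption: default WordPress behaviour, where a failed login re-serves
    the form with 200 and a successful one redirects with 302.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        if method == "POST" and is_login and status == "200":
            counts[ip] += 1
    return counts

def summarize(lines, per_ip_limit=5, min_sources=3):
    """Report noisy single IPs and /24 networks with several distinct sources."""
    per_ip = failed_logins(lines)
    per_net = defaultdict(set)
    for ip in per_ip:
        try:
            per_net[str(ip_network(f"{ip}/24", strict=False))].add(ip)
        except ValueError:  # client field is a hostname, not an address
            continue
    return {
        "total_failed": sum(per_ip.values()),
        "sources": len(per_ip),
        "over_limit": sorted(ip for ip, n in per_ip.items() if n > per_ip_limit),
        "clusters": {n: sorted(s) for n, s in per_net.items() if len(s) >= min_sources},
    }

def make_line(ip, method="POST", path="/wp-login.php", status=200):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [22/Aug/2019:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 3120 "-" "Mozilla/5.0"')

# Constructed sample; addresses come from RFC 5737 documentation ranges.
SAMPLE = [make_line(f"198.51.100.{h}") for h in (10, 11, 12, 13) for _ in range(2)]
SAMPLE += [make_line("203.0.113.7")] * 8         # one host hammering the form
SAMPLE += [make_line("192.0.2.50", status=302)]  # successful login, not counted
SAMPLE += [make_line("192.0.2.51", "GET", "/")]  # ordinary page view
```

On the sample, the single noisy host exceeds the per-IP limit, while the four quiet hosts only stand out once they are grouped by network.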
