U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Lizard Stresser hacking tool relies on compromised home routers

Security expert Brian Krebs and a research team discovered that the Lizard Stresser DDoS tool relies on compromised Home Routers. Over the holidays the Lizard Squad team knocked out the networks of Sony PSN and Microsoft Xbox live service using a tool they have designed to run DDoS attacks. The tool is dubbed Lizard Stresser and according to […]

Lizard Stresser hacking tool relies on compromised home routers

Security expert Brian Krebs and a research team discovered that the Lizard Stresser DDoS tool relies on compromised Home Routers.

Over the holidays the Lizard Squad team knocked out the networks of Sony PSN and Microsoft Xbox live service using a tool they have designed to run DDoS attacks. The tool is dubbed Lizard Stresser and according to the security expert Brian Krebs its firepower is composed by thousands of hacked home Internet routers.

The Lizard Squad recently elaborated also a commercial offer for the Lizard Stresser which is proposing it with an attack-as-a-service model for sale.

Lizard Stresser 2

The Lizard Stresser tool is a powerful DDoS tool that draws on Internet bandwidth from hacked home Internet routers worldwide.

The security experts in the last months have uncovered numerous campaigns targeting home routers and more in general SOHO devices exploiting known vulnerabilities in their firmware or poorly configured devices configured with default factory settings.

“As I noted in a previous story, the booter service — lizardstresser[dot]su — is hosted at an Internet provider in Bosnia that is home to a large number of malicious and hostile sites. That provider happens to be on the same “bulletproof” hosting network advertised by “sp3c1alist,” the administrator of the cybercrime forum Darkode. Until a few days ago, Darkode and LizardStresser shared the same Internet address. Interestingly, one of the core members of the Lizard Squad is an individual who goes by the nickname “Sp3c.”” states Brian Krebs in his blog post

Analyzing the code of the malware used to recruit bot for the Lizard Stresser, Krebs discovered that the IP addresses of the botnet controller are hardcoded (217.71.50.x). The code used by the Lizard Squad is a variant of a Linux malware first discovered in November 2014 by experts at Dr. Web, it is able to run the attack and to scan the Internet searching for other devices to compromise.

Brian Krebs conducted the analysis with the support of a research team, which is also involved in investigation with law enforcement.

Below a few suggestions to improve the security of your home devices and avoid to be compromised by hackers:

  • Change the default credentials on the router by choosing a  strong password.
  • Enable wireless encryption on your router. It is suggested to enable WPA2 that is actually the strongest encryption technology available.
  • Be aware of “Wi-Fi Protected Setup” (WPS) technology implemented by many routers to facilitate device configuration. Unfortunately, this technology could open the door to hacker even if you are using a WPA connection. I suggest you to disable WPS, you can do it accessing the router’s administration page.
  • Keep the firmware of your router updated.

Krebs suggests the reading of an interesting tutorial to improve security of your PC, “Tools for a Safer PC,” and I share his recommendation

Pierluigi Paganini

(Security Affairs –  home router, Lizard Stresser)