Cybersecurity researchers have discovered a massive botnet campaign that has compromised over 14,000 routers globally and turned them into a potent cybercrime infrastructure. The attack uses an advanced piece of malware called KadNap to secretly infect routers and turn them into hubs of a distributed proxy botnet.
Security experts warn that this campaign draws attention to the increasing threat posed by poorly secured networking devices, particularly home and small-business routers, which frequently run out-of-date firmware.
What Is KadNap Malware: Inside the Botnet’s Malicious Goals
KadNap is a malware strain built specifically to turn routers into botnet servers. It lets attackers remotely take control of compromised devices and direct internet traffic through them. One of KadNap's strongest features is its use of peer-to-peer networking, which makes the botnet much more difficult to identify and stop.
Rather than relying on a single command-and-control server, the malware uses a distributed communication model: each compromised router can communicate with other compromised devices, so commands travel throughout the network without any central administrative server. This architecture makes it very challenging for cybersecurity teams to disrupt the botnet infrastructure.
After infecting thousands of routers, the attackers built a massive proxy network, referred to as the Virtual Proxy Network. By routing their internet activity through compromised routers, cybercriminals can effectively hide their true location and identity. Such botnets can be employed for a number of malicious purposes, such as:
- Distributed denial-of-service (DDoS) attacks
- Large-scale web scraping
- Credential stuffing attacks
- Hiding the source of cyberattacks
- Selling proxy access to other cybercriminals
Because the traffic comes from genuine home or business routers, security systems find it much more difficult to identify as suspicious. That is what makes this malware so powerful.

How the Router Botnet Attack Happened
Cybercriminals start these attacks by scanning the internet for routers with known vulnerabilities. They frequently target devices whose owners have not updated the firmware or changed the default administrator credentials. Once a vulnerable target is found, the attackers exploit these flaws to gain remote access and run a malicious script. This script downloads and installs the KadNap malware directly onto the networking hardware, signalling a shift from conventional computer-based threats to attacks that target infrastructure.
Unlike ordinary malware, KadNap specifically changes router configurations to turn the device into a hidden, attacker-controlled botnet node. Because routers usually run continuously and lack the strong monitoring or antivirus software found on PCs, these infections can go unnoticed for a long time. The user remains entirely unaware of the compromise, and this persistent connection lets the botnet use the router's resources for a variety of criminal activities.
The Growing Threat of IoT Botnets
The KadNap router botnet highlights the broader cybersecurity problem with Internet-of-Things (IoT) devices. As more homes and businesses depend on connected devices, attackers are increasingly taking advantage of weak security practices to build powerful botnets capable of launching worldwide cyberattacks.
Security experts warn that, without stricter device security regulations and greater user awareness, similar campaigns may become even more widespread in the future. For now, the best defence against router-based malware threats is to keep networking devices updated and securely configured.
How to Protect Your Router from Botnet Malware
Security professionals advise taking a number of precautions to prevent malware from infecting routers. The most important step is updating router firmware regularly, since manufacturers release patches to address security flaws.
Users should also change the default administrator password immediately after configuring a router, because attackers frequently use well-known default credentials to gain access. Disabling remote management features further reduces exposure to outside attacks.
If a router is suspected to be infected, doing a complete factory reset and reinstalling the latest firmware is advised in order to remove any malicious changes.