Anarchy Botnet Compromises Huawei Routers


A Huawei router. / Photo by: Mk2010 via Wikimedia Commons


A botnet is a group of internet-connected devices running one or more bots, which may be used to perform distributed denial-of-service attacks. According to a recent report, a new botnet called Anarchy has compromised thousands of Huawei routers.

According to Ankit Anubhav at NewSky Security, an IoT hacker who identified himself as "Anarchy" claimed to have hacked more than 18,000 Huawei routers. The vulnerability exploited by the botnet has been associated with CVE-2017-17215. The security researcher reported that the hacker revealed the list of victim IP addresses, which has not been made public.

ZDNet reported that the code which compromised the Huawei routers targets a known flaw discovered in January this year. The code was also used in the Brickerbot and Satori botnets. Unfortunately, the hacker's motives remain unclear, but he told the security researcher that he plans to develop the biggest and worst kind of botnet ever.

Radware, a provider of cybersecurity devices for data centers, noted that the growing number of devices connected in IoT ecosystems exponentially increases the attack surface available to hackers. According to Gartner, about 6.4 billion connected devices were in use globally in 2016, and that number is expected to grow to 20 billion by 2020.

If one percent of those were hacked by IoT botnets, about 200 million devices across various industries would be compromised. Such a compromise can affect the performance of devices in manufacturing, healthcare, and agriculture, not to mention the safety of customers and employees working in those industries.

IoT ecosystems are sometimes preferred by attackers because of their critical problems, such as:

- Constant availability: 24 hours a day, seven days a week, 365 days a year.

- Low security standards in off-the-shelf products, which allow malware to easily change security logins.

- Poor maintenance and monitoring of devices.

- Cost-effective targets compared to other devices.

The Anarchy botnet is still active, and the hacker plans to target the CVE-2014-8361 vulnerability found in Realtek routers.