Massive Cyberattack Knocked Out Over 600,000 Routers in Midwestern US: Report

Authorities fear that it might have a serious impact on rural regions.

A new analysis from Lumen Technologies' Black Lotus Labs shows that a cyberattack in October last year shut down more than 600,000 internet routers in multiple Midwest US states.

The assault, which happened on October 25 and 27, was previously unknown despite its severity. The probe did not identify the targeted organization, but it tracked the internet issue to Windstream, an Arkansas ISP. The firm has yet to comment on the matter, according to a report from The Verge.

Black Lotus Labs investigated the ActionTec T3200 and T3260 routers based on social media complaints and online outage detectors. Users stated that the problem was fixed after providers replaced the devices.

Malware Behind the Cyberattack

Investigators found that the routers' operational code was destroyed by "Chalubo," a piece of remote access malware. How the firmware reached customers and who was behind the cyberattack are unknown.

According to the research, the company's clients received a bogus firmware upgrade that deleted critical router code, rendering the devices useless.

Lumen's report noted that the cyberattack "was planned to create an outage." The Department of Homeland Security referred inquiries to the FBI, which declined to comment.

The massive cyberattack might have serious effects on rural and marginalized regions, researchers warned. Emergency services, remote crop monitoring, and healthcare providers' telemedicine and patient records may have been disrupted in these places, per Reuters.

The Lumen report and Reddit posts by Windstream users indicated an outage commencing around October 25.

Users had trouble connecting their routers to their ISP, which prevented internet access. Windstream urged users with disabled routers to return them for replacements, since remote repairs were impossible.


Increasing Cyberattacks on US Water Supplies

Notably, days before the cyberattack, the Environmental Protection Agency (EPA) warned of the rising frequency and severity of cyberattacks on water facilities nationwide.

The agency stressed in its enforcement notice that water systems must act immediately to protect the nation's drinking water.

According to NBC News, the EPA estimates that 70% of federally inspected utilities in the past year failed to meet standards meant to prevent breaches and other intrusions. Officials recommended enhanced cybersecurity in smaller water systems, as smaller villages have been targeted by Russian and Iranian cyberattacks.

The EPA found that certain water systems had insufficient procedures to prevent system access by former personnel and had failed to change default passwords. The agency stressed the necessity of protecting information technology and process controls, since water companies use computer software to manage treatment plants and distribution networks.

Authorities warn that cyberattacks may interrupt water treatment and storage, destroy pumps and valves, and push chemical concentrations to dangerous levels.

The lack of preemptive steps by many systems concerned EPA Deputy Administrator Janet McCabe, who noted that water systems "in many cases" fail to fulfill their task to assess risks and vulnerabilities "and informing the way they do business."

Many private parties and people have tried to infiltrate water suppliers' networks and deface their websites, but newer efforts have focused on their operational systems.

By Quincy

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.