Hot on the heels of an IBM X-Force threat intelligence report warning that enterprise networks were in the perfect position to be compromised, as 86% of router admin credentials had never been changed, another dangerous router-based attack has been confirmed by XLab threat analysts. Here’s everything you need to know about the Gayfemboy botnet.
A newly published threat analysis authored by security researchers Wang Hao, Alex Turing and Acey9 from XLab has confirmed that the Gayfemboy botnet is rapidly evolving into a large-scale distributed denial-of-service attack network by leveraging zero-day industrial router vulnerabilities.
Although first observed early last year, the Gayfemboy botnet has not only remained active ever since but has grown exponentially. This is primarily thanks to the fact that the criminal developers behind the malicious resource were “unwilling to remain mediocre,” the report said; instead, they launched “an aggressive iterative development journey.” A journey that has involved them hunting down and leveraging zero-day exploits in order to expand the threat surface and scale of attacks.
It was the discovery of the use of zero-day vulnerabilities in industrial routers, along with unknown vulnerabilities in some smart home devices, that prompted the XLab researchers to conduct their in-depth analysis of the Gayfemboy threat.