ISU Breach
I'm a reporter from Iowa, where Iowa State University recently experienced a data breach. 5 Synology servers were infected with malware that slaved them into a bitcoin mining botnet. I'm curious. What do you guys know about this? What is this malware called? How does it work? Why are Synology's servers vulnerable to these kinds of attacks? Are routers vulnerable too? How many attacks like this have you seen? Is there any way to track who did launched the attack?
Can someone please call me? Today?


email is:

2 Posts
Johannes covered this (or malware that is very very similar) in a story on April 1:…

This was a follow on to his story from the previous day:…

Many many devices are vulnerable to this kind of attack - common vectors are default passwords or vulnerable services such as PNP or HNAP. A common root cause is cost - because consumers want to pay the lowest price, so in an effort to cut costs, security is deemed "not a priority" when writing the code that runs on these devices in the first place. Two or three years later, when the device is 2-3 versions back, it's common to see the device firmware no longer being maintained - not that updating firmware is easy for most of these. This forces the people that do want updates to purchase new hardware, which re-enforces and rewards the vendor's bad behaviour (in not writing secure code).

This affects home routers and firewalls, TVs, PVRs, DVD players, even fridges and exercise equipment running android versions that aren't maintained. Expect this to start affecting thermostats, smart meters and more household devices as "smart" things see more traction over time. The "internet of things" is quickly becoming an "internet of vulnerable things", which is in turn becoming an "internet of infected, botnet and attacking things"

ISC Handler

Sign Up for Free or Log In to start participating in the conversation!