Earlier this week internet users in Germany had their internet access cut by attackers targeting the DSL modems provided by Deutsche Telekom. About 900,000 users were denied access by the attacks, a number that represented about five per cent of the German company's customers. Yesterday we became aware of similar attacks on UK-based internet services as two of them issued statements about 'service problems'. Apparently, since Sunday, hundreds of thousands of internet users who use the Post Office or TalkTalk as their ISPs have experienced intermittent service interruptions.
Deutsche Telekom Speedport
The Post Office has said that 100,000 of its users have been affected by the cyber attacks, but TalkTalk hasn't put a number on the disruption felt by its users. In a statement TalkTalk only admitted that "a small number of customer routers" had been impacted by the attacks. It added that "along with other Internet Service Providers in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm," before saying that a fix was being worked on.
Cyber attackers have been using a modified version of the Mirai worm to disrupt services at various ISPs as well as sites including Spotify, Twitter, PayPal and Reddit. Such attacks are often precipitated by a failure to pay 'protection money' to criminals threatening to take down a site or network. The Mirai worm exploits vulnerabilities in IoT devices and will crash them or use them as part of a botnet in distributed denial of service (DDoS) attacks.
TalkTalk-branded D-Link DSL-3780
Reading around, the affected ISPs were simply unlucky, in this instance, in their choice of routers shipped out to customers. Routers including the Zyxel AMG1302, D-Link DSL-3780, and some Speedport-branded routers (in Germany) were vulnerable to Mirai.