If you currently use one of the best VPN routers as part of your home office setup, beware - hacking gangs are targeting them, along with Wi-Fi routers and media servers, as part of a botnet campaign.
Referred to by cybersecurity researchers as the Quad7 botnet, the hacking gang has been targeting Zyxel VPN appliances, Axentra media servers, and Ruckus wireless routers with custom malware.
Other hardware including ASUS and TP-Link routers have also been targeted by Quad7. By using the TP-Link botnet, Quad7 was able to launch password spraying attacks against Microsoft 365 accounts. This cyber attack sees hackers use one exposed password to try and gain access to multiple accounts.
As the botnet evolves, cybersecurity researchers have found that the gang is setting up new backdoors and using new evasive techniques to avoid being detected.
What are botnets?
A botnet is a network of private computers or devices that have all been infected with malware. This malware allows the devices to be controlled without the owner's knowledge and used by hackers.
Hackers can use botnets in a number of ways, including spreading malware to further computers, mining cryptocurrency, launching cyber attacks or sending spam.
The first botnet was discovered and exposed in 2001 following a lawsuit from internet service provider EarthLink. It was found that Khan C. Smith, creator of the botnet had been using it to send spam emails.
At the time, the botnet was responsible for 25% of all spam, sending 1.25 million phishing emails in just over a year. EarthLink sued Smith for $25 million for misusing their platform to spread his spam and create his botnet.
How can you tell if your device is part of a botnet?
Unfortunately, any internet-connected device is at risk of becoming part of a botnet. This means that it's important to understand the signs that your device has been hacked and is being used as part of a botnet.
Here are a few signs your device is part of a botnet:
- Your computer activity is abnormally high. If your computer seems to be working overtime, its fans kicking into a high degree or your processor is overloaded without any real cause, this may be a sign that this work is being done as part of a botnet.
- You've recently not been cyber-safe. If you've done something risky in a cybersecurity sense recently e.g. clicked on a phishing link or downloaded unverified software, your device may have been infected with botnet malware.
- Your internet speeds have slowed down significantly. If your router is on and connected, but your internet has slowed to a crawl, it may be because it or your device is using this power elsewhere.
- You find emails/messages you don't recognize in your sent folder. If your device is being used as part of a spam/phishing botnet, these messages may be coming directly from your account. If you notice messages you don't remember sending to people you don't recognize, this could be because your device is being used by hackers to send these messages.
- Your device randomly crashes. If apps that worked completely fine are now causing your device to freeze or crash, this could be a sign that your device is being used by hackers.
- Your RAM usage has suddenly increased. Botnets use a huge amount of RAM, so if you notice a large portion of your memory is mysteriously being used, this could be the cause.
- Your device has started to take a long time to startup/shutdown. If your device is taking a long time to boot up or power down, this could be a sign that it is part of a botnet.
How to prevent your devices being used as part of a botnet
As the saying goes, an ounce of prevention is worth a pound of cure. This goes for protecting against malware and stopping your devices from becoming part of a botnet.
Below are some simple tips to keep your devices safe from botnets:
- Remember to update your devices regularly. Even the best router VPN cannot keep you safe if it is not being updated regularly to patch any vulnerabilities it may have. Regularly updating your devices helps keep hackers out by removing avenues for them to get in.
- Practice good cyber security hygiene. If you avoid risky cyber behavior, it can reduce the chances that you will be infected with botnet malware. This includes only downloading software from trusted providers, verifying email attachments before you download them, and checking links before clicking on them.
- Use anti-malware software. Using the best antimalware or malware-blocking software helps keep you safe not only from botnets but other cyber nasties like phishing. Some of the best VPNs, like NordVPN and Surfshark, offer malware blocking as part of their VPN services (for example Nord's Threat Protection Pro) to keep you extra safe online.