Cybersecurity researchers have uncovered a vast cyber intrusion network through which cybercriminals have secretly gained control of more than 14,000 internet-connected devices worldwide.
In a recent report, cybersecurity firm Lumine explained that most of the infected devices are ASUS routers, which were compromised with sophisticated malware known as "KadNap" and are then used to route malicious internet traffic and carry out large-scale cyberattacks.
This software creates a network of compromised devices known as a "botnet" controlled remotely by attackers. Internet-connected devices are secretly compromised and linked together via a decentralized peer-to-peer system (where devices communicate directly with each other without a central server), making it extremely difficult to track or stop them.
Target devices could include a wide range of Internet of Things devices, such as home routers and other smart devices connected to the network, including some smart home appliances.
After gaining control of these devices, attackers use them to carry out distributed denial-of-service (DDoS) attacks, which are attacks that aim to flood websites and online services with massive amounts of data traffic, causing them to be disrupted or taken offline.
The company's report indicated that the increasing reliance of modern society on Internet of Things devices opens the door for malicious actors to exploit security vulnerabilities in these devices.
The report stated: "As internet-connected devices become more widespread, malicious actors have an increasing opportunity to build large-scale botnets specifically designed to infiltrate this growing category of devices, and use them to route data traffic and avoid detection by network security systems."
According to the researchers, most victims of the KadNap malware are concentrated in the United States, but infected devices have also been detected in several other countries, including the United Kingdom, Australia, Brazil, Russia and a number of European countries.
The average user often does not notice the software on their router, as its only visible effect may be an occasional slight slowdown in internet speed.
One of the main reasons the network is difficult to dismantle is its decentralized design: it does not rely on a central server that law enforcement agencies can shut down, which lets it persist and remain hidden.
Attackers also take advantage of data traffic from home routers to bypass traditional security systems, as this traffic appears to be coming from ordinary users browsing the internet.
The report indicated that the main objective of this network is to conceal itself and make attacks more difficult to detect or stop.
KadNap software is sold through a service known as Doppelganger, whose users exploit the compromised devices to carry out multiple malicious activities, including brute-force attacks (repeated attempts to guess passwords until accounts are compromised) and targeted hacking campaigns.
The report concluded that every IP address associated with this malicious network represents an ongoing threat to both organizations and individuals, given its potential use in launching cyberattacks without the knowledge of the owners of compromised devices.
