More than 600,000 internet routers belonging to a single internet provider were rendered permanently inoperable during a three-day period in October. Lumen Technologies’ Black Lotus Labs detailed the attack in research that showed nearly half of the company’s modems were taken offline. The attack was unprecedented in its scale, requiring the replacement of over 600,000 devices, and was similar to a previous attack known as AcidRain, which was used as a precursor to an active military invasion. The affected routers were traced to two different brands, Sagemcom and ActionTec, both displaying a static red light.
One specific internet provider experienced a 49% decrease in the number of devices connected to the internet over the three days in October. Lumen’s researchers noted that this provider’s service area covered rural or underserved communities, leading to potential loss of access to emergency services, critical information for farming concerns, and disruption of telehealth services for healthcare providers. While the provider was not named in the report, it has been identified as Windstream based on event descriptions and internet outages on the dates of the attack. Windstream declined to comment on the incident.
The attack was likely a deliberate action by an unknown malicious cyber actor, according to Lumen’s researchers, who did not speculate on the identity of the perpetrator. The event was confined to a single autonomous system number (ASN), which is like an internet provider’s identification number, rather than affecting a specific router model or vulnerability. The FBI did not provide immediate comment on the incident. It was emphasized that destructive attacks like this can disrupt internet connectivity and expose personal information, necessitating stronger network security measures.
To protect your router from similar attacks, it is recommended to create a unique password, change it regularly, and avoid easily guessed passwords. Enabling the firewall and Wi-Fi encryption on your router can prevent eavesdropping on data sent between devices. Upgrading to a WPA3 router, the latest security protocol certified by the Wi-Fi Alliance, can provide additional protection against cyber threats. Routers rented directly from internet providers, like the ActionTec models mentioned in Lumen’s report, may still be using older security protocols and should be upgraded if possible.
Destructive attacks like the one experienced by the internet provider in October are concerning due to the extended downtime and potential risks to personal information. It is crucial for individuals and organizations to take proactive steps in securing their routers and networks from cyber threats. By following recommended security practices such as creating unique passwords, enabling firewall and encryption features, and upgrading to WPA3 routers, users can help mitigate the risk of similar attacks in the future. It is also important for internet providers to deploy updated security measures to protect their infrastructure and customers from potential cyber threats.
