Deutsche Telekom botnet attack underlines infrastructure vulnerabilities

German telco says its broadband outages are linked to a botched attempt to hijack routers, which security experts say further underlines the cyber threat to internet-connected infrastructure

Broadband outages for 900,000 Deutsche Telekom customers in the past two days have been blamed on a failed Mirai internet of things (IoT) botnet attack, underlining infrastructure vulnerabilities, say industry commentators.

The botnet was responsible for the distributed denial of service (DDoS) attack on domain name system (DNS) services supplier Dyn on Friday 21 October that rendered a number of web services unreachable.

Deutsche Telekom’s head of IT security, Thomas Tschersich, has blamed the outages on a botched attempt to hijack customers’ routers into the Mirai botnet, according to Reuters.

Some routers, like other IoT devices that have static or unchanged default passwords, are vulnerable to attack by the Mirai botnet code.

Deutsche Telekom, which has 20 million customers in Germany, has issued a software update for three of the more than 12 routers from mostly Asian suppliers that it resells under the brand Speedport.

The updates are for models made by Taiwan’s Arcadyan Technology and the telecoms firm said it would review its relationship with the supplier, according to Reuters, which said Arcadyan did not respond to requests for comment.

On Monday 28 November, Deutsche Telekom said its security measures appeared to be taking effect, with the number of affected customers down to about 400,000 by midday.

Jerry Goodman, vice-president, government systems division at security and communications supplier ViaSat, said the outages at Deutsche Telekom further emphasised the weaknesses that exist in the increasingly connected world.

“In this case, consumers have been cut off from their internet, phone and TV, but it could have been worse,” he said. “With more and more critical infrastructure connected to the internet, rather than the more traditional dedicated lines, attackers have more opportunities to inflict damage.”

According to Goodman, there is no shortage of parties willing to carry out attacks on internet-connected critical infrastructure such as traffic and train signals, or water and energy supplies.

“To protect against these attacks, organisations must assume that every single part of their network infrastructure is a potential vulnerability, and should mitigate against this,” he said.

Goodman recommends teaching both workers and customers best security practices as well as having various technologies in place.

“Organisations should have monitoring systems to detect unusual behaviour and to react before damage can be done, systems to control access by users and devices to critical systems, and multiple layers of encryption, so that potential damage can be minimised,” he said.

“Quite simply, by preparing for the worst, organisations can begin to hope for the best.”

Emily Orton, director at security firm Darktrace, said companies had a huge visibility problem. “They cannot see what is happening beneath the surfaces of their own networks,” she said.

“As more and more consumers bear the brunt of attacks through their internet providers and other suppliers, there will be mounting pressure for companies to make themselves more resilient.

“Clearly, Deutsche Telekom is working hard to fix the problems now. But we would be naïve not to expect more attacks against internet-connected devices as the world continues to embrace the internet of things.”
