Threat Research

Lizard Squad hackers use unsecured home routers in DDoS attacks

Deborah Salmi, 12 January 2015

Lizard Squad hackers use unsecured home routers in DDoS attacks

Your home router could be part of a network used to knock sites like Sony PlayStation network offline.

During Christmas we reported that a hacker group calling themselves the Lizard Squad, took responsibility for ruining the day for Sony PlayStation and Microsoft Xbox users by taking the gaming networks offline. This and previous attacks, which included a bomb threat directed at an American Airlines flight with Sony Entertainment president John Smedley on board, have been revealed to be a marketing campaign to advertise a new product available for rent to anyone who wants to cause a Denial-of-Service (DDoS) attack to the target of their choice.

shutterstock_147356855-2-339346-edited.jpg

 This Lizard is out to get your home router.

I’m not a hacker. Why should I care?

You may not be a hacker, but the power for this service could be coming from your home office! Security blogger, Brian Krebs, whose own site was attacked, found out that the network of infected devices that powers the Product-That-Must-Not-Be-Named (that’s because Lizard Squad gleefully thanked Brian for the publicity on their Twitter account) is made up mostly of compromised home routers. On that same Twitter account, Lizard Squad said that they are using 250-500k infected routers.

These are the devices in everyone’s home that we warned you about in our blog, Your home network is at risk of cybersecurity attacks. Most people neglect the security of these devices by using the default user name and password that comes from the manufacturer out-of-the-box.

Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers,” said Avast Software’s CEO, Vincent Steckler.

Lizard Squad has just proven that point.

Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment, “ Steckler said. “The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”

How to protect your home router

Start by scanning you home network with Avast’s Home Network Security Solution.

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.

The Home Network Security Solution is available in free and paid versions of Avast 2015. Get it at www.avast.com.

For more steps you can take to protect your home router, please see our blog post, 12 ways to boost your router’s security.