LizardStresser, Lizard Squad’s rent-a-DDoS service, appears to be powered by a vast unsecured router botnet. It’s long past time to change those default passwords!
You might recall that Mark James and I covered a story back in November of last year about webcams being streamed online. Default login credentials were the culprit in that case.
Brian Krebs has reported on his blog that Lizard Squad took advantage of routers using default credentials in order to build a huge network of stresser bots to launch their paid DDoS-on-demand service, Lizard Stresser.
“NOT default”
“This is very much like a botnet,” says Mark James, ESET security specialist. “And highlights the need to ensure you change your default passwords for any devices you receive from a manufacturer.”
“When they attempt to take control of these devices they will only try the original password. They don’t have the power to brute force each router to find the password you have changed it too so technically it does not need to be anything mega difficult just NOT default.”
If you’d like some advice on making a memorable and secure password, then this blog post is for you. Remember that the important point is NOT to use the default passwords; it’s a simple preventative measure.
Stress for Lizard Squad
In other Lizard Squad related news, the infamous hacker gang have suffered a hack of their own, revealing the details of over 14,000 users. I’m sure everyone is going to shed a tear for them.
Two of the gang’s members have also been arrested after a joint FBI and British police operation following the Christmas hacking of Xbox Live and PSN.
The full story can be found on WeLiveSecurity.
Join our LinkedIn Group and stay up to date with our blog.
Do you change your default passwords asap? Any methods for creating secure passwords that I haven’t covered?