It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.
People who want to lock down their routers and have the necessary technical skills should reboot them and immediately check to see if the devices are listening for incoming commands on port 7547. As mentioned above, most Mirai-infected devices will be locked down and will display few indications of compromise, although frequent reboots have been reported in a least some cases. Generally speaking, IoT devices are disinfected each time they're restarted. A good practice is to reboot them and immediately lock them down with a strong password, or, better yet, to disable remote administration.
Read more at this Link