Article 6NKA4 Mysterious Malware Attack Destroys 600 Routers On One ISP In 72 Hours

Mysterious Malware Attack Destroys 600 Routers On One ISP In 72 Hours

by
Karl Bode
from Techdirt on (#6NKA4)
Story Image

Last Halloween, thousands of users for U.S. broadband provider Windstream began complaining online about the fact that their routers simply stopped working. At the time, Windstream (one of the worst ranked ISPs in the country) sent users replacement routers, but couldn't be bothered to transparently inform customers what was happening.

More than half a year later and Ars Technica points to a belated explanation of the incident by Lumen Technologies' Black Lotus Labs. Dubbing it the Pumpkin Eclipse," security researchers found that over a 72-hour period beginning on October 25, malware infected more than 600,000 routers connected to a singleautonomous system number (ASN) belonging to Windstream.

The culprit or motivation still haven't been identified, but the researchers note the outage impacted the kind of folks who already tend to have substandard broadband access:

Destructive attacks of this nature are highly concerning, especially so in this case. A sizeable portion of this ISP's service area coversrural or underservedcommunities; places where residents may have lost access to emergency services, farming concerns may have lost critical information from remote monitoring of crops during the harvest, and health care providers cut off from telehealth or patients' records. Needless to say, recovery from any supply chain disruption takes longer in isolated or vulnerable communities."

The report doesn't highlight this fact, but another recent report by the American Consumer Satisfaction Index found that Windstream has among the lowest customer satisfaction ratings of all U.S. broadband providers. Not only that, Windstream (which sees little competition and therefore little incentive to try) dropped 20% to 56, lower than nearly any company in any industry in America.

In other words, U.S. telecom monopolization and consolidation not only results in spotty coverage, slow speeds, terrible customer support, and high prices, it can help cultivate an additional security risk. The full Ars Technica analysis of the unique aspects of the attack are worth a read, though Windstream's lack of meaningful transparency into the incident remains curiously under-stated.

It's still not clear who launched the attack or what their motivation was (disgruntled employee? ransomware campaign? state-sponsored chaos agent?) and Windstream doesn't seem interested in shedding any more light on the incident. In part because feckless regulatory oversight and muted competition doesn't really give them any meaningful incentive to.

External Content
Source RSS or Atom Feed
Feed Location https://www.techdirt.com/techdirt_rss.xml
Feed Title Techdirt
Feed Link https://www.techdirt.com/
Reply 0 comments