A dangerous new botnet called "Gayfemboy" is actively targeting and exploiting zero-day vulnerabilities in industrial routers worldwide, according to security researchers at XLabs.
The rapidly evolving botnet, first detected in early 2024, has grown into a large-scale distributed denial-of-service (DDoS) network. XLabs researchers found that it spreads by exploiting previously unknown security flaws in both industrial routers and smart home devices.
By monitoring the botnet's command-and-control (C2) domains, the researchers identified more than 40 distinct groupings of infrastructure and roughly 15,000 active infected nodes per day. When the team registered some of the C2 domains in order to study the traffic, the botnet's operators responded almost immediately with retaliatory DDoS attacks against them.
The attacks are geographically widespread, with most targets located in China, the United States, Germany, the United Kingdom, and Singapore. According to XLabs, hundreds of victims across various industries are being targeted daily.
To protect against these router-based attacks, experts recommend:
- Regularly updating router firmware
- Changing default admin credentials
- Implementing comprehensive DDoS defense strategies
- Monitoring systems for suspicious activity
Zero-day vulnerabilities are, by definition, unpatched until the vendor ships a fix, so firmware updates alone cannot stop an active zero-day exploit; they do, however, close the known flaws that botnets like this one fall back on, and credential hygiene and monitoring reduce the chance that a compromised device goes unnoticed or is trivially reinfected. Taking these basic precautions therefore limits exposure to the Gayfemboy botnet and to similar threats targeting network infrastructure, even if it cannot eliminate it.
The threat continues to evolve as the criminal developers behind it actively hunt for new exploits to expand their attack capabilities. Organizations are advised to remain vigilant and maintain strong security practices around their networking equipment.