Outdated D-Link routers are under attack from two aggressive botnets—FICORA and CAPSAICIN, a variant of the Kaiten botnet. These cyber threats are exploiting long-known security flaws in D-Link’s Home Network Administration Protocol (HNAP), posing significant risks to users who haven’t updated their router firmware. 

How do the exploits work? 

The botnets are taking advantage of vulnerabilities such as CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. These flaws allow hackers to gain remote access to devices and execute harmful commands. Despite being discovered years ago, these vulnerabilities remain a problem because many users have not applied firmware updates or retired old devices. 

FICORA spreads its infection globally, using a remote server to deploy shell scripts that download the botnet payload. It features a brute-force function that uses default usernames and passwords to compromise devices. The botnet then launches Distributed Denial-of-Service (DDoS) attacks through UDP, TCP, and DNS protocols. 

CAPSAICIN, on the other hand, has concentrated its efforts on East Asia, particularly Japan and Taiwan. Between October 21 and 22, 2024, it launched widespread attacks. CAPSAICIN uses similar techniques but aggressively terminates competing botnet processes to maintain exclusive control over infected devices. Once connected to its command-and-control server, it can download files, execute shell commands, and perform DDoS attacks. 

What can you do to protect yourself? 

If you’re using an old D-Link router, it’s essential to take immediate steps to secure your device: 

  1. Update Router Firmware: Check D-Link’s website for the latest firmware updates and apply them without delay. 
  2. Disable Unnecessary Services: If you don’t use HNAP, disable it to reduce your exposure to these vulnerabilities. 
  3. Change Default Passwords: Replace factory-set usernames and passwords with strong, unique credentials. 
  4. Monitor Your Network: Keep an eye on unusual traffic or activity on your network that could indicate a compromise. 
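
One way to start on the monitoring step is sketched below as an added example (not code from the original article or from D-Link). It assumes you can export web access logs from the router or a proxy in front of it in Common Log Format; the sample lines, the threshold, and the function names are constructed for illustration. It flags HNAP requests (sent to the `/HNAP1/` path) that arrive from outside the LAN, and sources with repeated failed logins.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges treated as "inside"; adjust to your own LAN (assumption).
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Common Log Format: source, ident, user, [timestamp], "METHOD path proto", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = "\n".join(
    ['192.168.0.23 - - [22/Oct/2024:09:14:02 +0000] "POST /HNAP1/ HTTP/1.1" 200',
     '203.0.113.7 - - [22/Oct/2024:09:15:40 +0000] "POST /HNAP1/ HTTP/1.1" 200',
     '192.168.0.23 - - [22/Oct/2024:09:16:00 +0000] "GET / HTTP/1.1" 401']
    + ['198.51.100.9 - - [22/Oct/2024:09:17:%02d +0000] "GET / HTTP/1.1" 401' % s
       for s in range(6)]
)

def is_lan(ip):
    """True if the address falls inside one of the configured LAN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)

def analyze(log_text, fail_threshold=5):
    """Return sources that reached HNAP from outside and sources with many 401/403s."""
    hnap_from_wan = set()
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, _method, path, status = m.groups()
        # HNAP should never be reachable from the internet side.
        if path.upper().startswith("/HNAP1") and not is_lan(src):
            hnap_from_wan.add(src)
        # Repeated authentication failures suggest credential guessing.
        if status in ("401", "403"):
            failures[src] += 1
    brute = sorted(ip for ip, n in failures.items() if n >= fail_threshold)
    return {"hnap_from_wan": sorted(hnap_from_wan), "brute_force": brute}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Any hit in `hnap_from_wan` means the management interface is exposed to the internet and should be closed off, whether or not the firmware is current.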

Why does it matter? 

These attacks highlight the dangers of relying on outdated hardware. As botnets like FICORA and CAPSAICIN grow more sophisticated, even older vulnerabilities remain attractive targets. For businesses and individuals alike, keeping devices updated and secure is critical to avoiding disruptions and potential data loss. 

Protecting your network starts with awareness and action. Don’t wait for a breach - secure your devices now to stay ahead of cybercriminals. 

Want your digital assets to be protected? 

CyberShelter provides innovative and modern cybersecurity products and niche services to protect individuals and organizations against all kinds of cyber threats.

For the latest cyber threats and hacking news, please follow us on Facebook, LinkedIn, and Twitter.