Californian ISP’s Modems Fall Victim To Malware Turf War

Criminals actively deploying malware often target unsuspecting users. In the state of California, however, one the local ISPs has suffered from massive outages due to two colliding malware attacks. Customers of the Sierra Tel ISP have been losing the internet and telephone connectivity over the past two and a half weeks as a result.

The Malware Turf War Kicks off in California

It is very troubling to learn one Californian ISP has to deal with not one, but two separate malware attacks at the same time. To be more specific, the incidents were first blamed in a modem firmware update gone awry, but it quickly became evident something else was going on. Sierra Tel admitted on April 11th they had become the victim of a malicious attack, which was executed by using sophisticated tools.

The initial investigation revealed someone was deliberately targeting the ISP’s Zyxel HN-51 modems. These are deployed to a lot of the ISP’s customers, and all of them had issues connecting to the internet. However, it later on turned out there was more at stake, as complaints kept flooding in over the course of several days. Things even got so bad the ISP asked customers to drop off their modems and have them replaced with a different model.

Unfortunately, the demand for new modems quickly outpaced the available supply. It was deemed necessary to have customers drop off modems, so they could get repaired by the Sierra Tel staffers. Needless to say, this whole ordeal took up a lot of valuable time, as all modems were only repaired by April 22nd. During this time, virtually no Sierra Tel customers had access to the internet or a landline. Not a pleasant experience for any of the parties involved, that much is certain.

As was to be expected, customers demanded an explanation from the ISP to figure out what transpired exactly. The company was forced to admit the BrickerBot malware had successfully infiltrated customer models and bricked them. Moreover, a lot of modems had suffered from a different malware attack just days prior to BrickerBot wreaking havoc. This overload of intrusions causes most devices to simply shut down, resulting in customers losing service access. This is a clear example of different types of malware fighting a turf war.

It remains unclear what type of malware was used to attack Sierra Tel modems right before the BrickerBot attack occurred. It is certainly possible one of the Mirai botnet clones was responsible for this initial attack, although that has not been officially confirmed at this time. Regardless of the malware type used, this story goes to show internet service providers need to pay closer attention to the hardware they install in customers’ homes.

What is rather intriguing is how the Brickerbot developer congratulated Sierra Tel on being transparent. The company is dealing with a PR nightmare as we speak, even though they did not cover up what happened by any means. However, the company is not without blame either, as they still allowed the attacks to take place. It is doubtful the company will retain a lot of its customers after this debacle, although they are still working with law enforcement to track down the culprits.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.