That’s discussing an attack from early September, and even then routers were not the most common item involved:
By fingerprinting the IPs, we were able to profile 3 different botnets:
- IoT CCTV Botnet (same as previously disclosed)
- IoT Home Routers Botnet (new)
- Compromised web servers coming from data centers (very common)
…
In this case, home routers made up 25% of the IP addresses, resulting in about 11,767 compromised routers.
(The “previously disclosed” CCTV botnet being approximately 25,000 items in size.)
The majority of the Dyn attack was from DVRs:
As with the gafgyt malware family, Mirai targets IoT devices. The majority of these bots are DVRs (>80percent) with the rest being routers and other miscellaneous devices, such as IP cameras and Linux servers.
