Security News > 2023 > March > New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service attacks.
The threat actors behind HinataBot are said to have been active since at least December 2022, with the attacks first attempting to use a generic Go-based Mirai variant before switching to their own custom malware starting from January 11, 2023.
The malware, like other DDoS botnets of its kind, is capable of contacting a command-and-control server to listen for incoming instructions and initiate attacks against a target IP address for a specified duration.
The findings also come as Microsoft revealed that TCP attacks emerged as the most frequent form of DDoS attack encountered in 2022, accounting for 63% of all attack traffic, followed by UDP floods and amplification attacks, and packet anomaly attacks.
Besides being used as distractions to conceal extortion and data theft, DDoS attacks are also expected to rise due to the arrival of new malware strains that are capable of targeting IoT devices and taking over accounts to gain unauthorized access to resources.
"With DDoS attacks becoming more frequent, sophisticated, and inexpensive to launch, it's important for organizations of all sizes to be proactive, stay protected all year round, and develop a DDoS response strategy," the tech giant's Azure Network Security Team said.
- Protecting collocated servers from DDoS attacks using GRE tunnels (source)
- New DDoS-as-a-Service platform used in recent attacks on hospitals (source)
- Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (source)
- New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (source)
- Tor and I2P networks hit by wave of ongoing DDoS attacks (source)
- Week in review: VMware ESXi servers under attack, ChatGPT’s malicious potential, Reddit breached (source)
- Cloudflare blocks record-breaking 71 million RPS DDoS attack (source)
- How to prevent DDoS attacks (source)
- Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second (source)
- Record-breaking number of record-breaking DDoS attacks confirmed (source)