Security News

Threatening botnets can be created with little code experience, Akamai finds
2023-05-31 14:26

Botnets are also getting easier to build and deploy because, much like legitimate software development, malicious botnets can be created using existing codebases. One example of how little technical sophistication is required is evinced by a botnet dubbed Dark Frost by researchers at Akamai web services.

Someone is roping Apache NiFi servers into a cryptomining botnet
2023-05-31 13:49

If you're running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else's behalf. "Routers make bad cryptomining servers. Cryptomining may be what they end up doing if the lateral movement doesn't get them anywhere."

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry
2023-05-25 14:53

A new botnet called Dark Frost has been observed launching distributed denial-of-service attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News.

Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack
2023-05-11 07:05

A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. While the malware is known to weaponize remote code execution flaws in GitLab and Lilin DVR for propagation, the addition of CVE-2023-25717 shows that Andoryu is actively expanding its exploit arsenal to ensnare more devices into the botnet.

Critical Ruckus RCE flaw exploited by new DDoS botnet malware
2023-05-09 19:58

A new malware botnet named 'AndoryuBot' is targeting a critical-severity flaw in the Ruckus Wireless Admin panel to infect unpatched Wi-Fi access points for use in DDoS attacks.Tracked as CVE-2023-25717, the flaw impacts all Ruckus Wireless Admin panels version 10.4 and older, allowing remote attackers to perform code execution by sending unauthenticated HTTP GET requests to vulnerable devices.

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
2023-05-02 22:45

The US government's Cybersecurity and Infrastructure Security Agency is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. Trend Micro's Zero Day Initiative threat-hunting group early last week wrote in a report that in mid-April miscreants behind the please-can't-it-just-die Mirai botnet were beginning to exploit the flaw primarily by attacking devices in Eastern Europe, though the campaign soon expanded beyond that region.

Google wins court order to force ISPs to filter botnet traffic
2023-04-28 19:59

A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google. Interestingly the court order also authorises Google to identify network providers whose services directly or indirectly make this criminality possible, and to "[request] that those persons and entities take reasonable best efforts" to stop the malware and the data theft in its tracks.

Realtek and Cacti flaws now actively exploited by malware botnets
2023-03-30 18:44

Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware. The targeted flaws are CVE-2021-35394, a critical remote code execution vulnerability in Realtek Jungle SDK, and CVE-2022-46169, a critical command injection flaw in the Cacti fault management monitoring tool.

New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks
2023-03-19 14:20

A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS swarm with the potential for massive attacks. Akamai's analysts created a C2 of their own and interacted with simulated infections to stage HinataBot for DDoS attacks to observe the malware in action and infer its attack capabilities.

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide
2023-03-10 14:02

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation methods, some of which also include the exploitation of ProxyLogon Microsoft Exchange Server flaws.