Security News

While monitoring the Emotet botnet's current activity, security researchers found that the Quantum and BlackCat ransomware gangs are now using the malware to deploy their payloads. "The Emotet botnet has fueled major cybercriminal groups as an initial attack vector, or precursor, for numerous ongoing attacks," security researchers at intelligence company AdvIntel said.

A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. "If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service attacks," Palo Alto Networks Unit 42 said in a Tuesday report.

The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits. MooBot was discovered by analysts at Fortinet in December 2021, targeting a flaw in Hikvision cameras to spread quickly and enlist a large number of devices into its DDoS army.

A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control infrastructure. Orchard is said to have undergone three revisions since February 2021, with the botnet primarily used to deploy additional payloads onto a victim's machine and execute commands received from the C2 server.

The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. Cybercriminals use botnets for various malicious purposes, most significantly for DDoS attacks against targets.

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne said in a Monday report.

A cryptomining gang known as 8220 Gang has been exploiting Linux and cloud app vulnerabilities to grow their botnet to more than 30,000 infected hosts. The group is a low-skilled, financially-motivated actor that infects AWS, Azure, GCP, Alitun, and QCloud hosts after targeting publicly available systems running vulnerable versions of Docker, Redis, Confluence, and Apache.

All you have to do is purchase the tool, run it on a Windows PC connected to the industrial controller via serial cable, click a button, and the password for the equipment is revealed. Under the hood, the software exploits a vulnerability - tracked as CVE-2022-2003 - in the device's Automation Direct firmware to retrieve the password in plain-text on command.

The botnet behind the largest HTTPS distributed denial-of-service attack in June 2022 has been linked to a spate of attacks aimed at nearly 1,000 Cloudflare customers. Calling the powerful botnet Mantis, the web performance and security company attributed it to more than 3,000 HTTP DDoS attacks against its users.

The record-breaking distributed denial-of-service attack that Cloudflare mitigated last month originated from a new botnet called Mantis, which is currently described as "The most powerful botnet to date." The previous record was held by Mēris botnet, which launched an attack that spiked at 21.8 million requests per second.