Security News

Latvian network equipment manufacturer MikroTik has shared details on customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer. "As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched," a MicroTik spokesperson told BleepingComputer.

Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service attack by a new botnet called M?ris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second, dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called M?ris - meaning "Plague" in the Latvian language - a "Botnet of a new kind."

Technical details tied to a record-breaking distributed-denial-of-service attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. Attackers, according to Qrator Labs, exploited a 2018 bug unpatched in more than 56,000 MikroTik hosts involved in the DDoS attack.

A new distributed denial-of-service botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second. The botnet received the name Mēris, and it gets its power from tens of thousands of compromised devices that researchers believe to be primarily powerful networking equipment.

The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. "Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.

A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research. Warning that the vuln had been included in Dark.IoT's botnet "Less than a week" after it was publicly disclosed, Radware said: "This vulnerability was recently disclosed by IoT Inspectors Research Lab on August 16th and impacts IoT devices manufactured by 65 vendors relying on the Realtek chipsets and SDK.".

A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel. Since the bug affects the management web interface, remote attackers can scan for and attempt to hack them to execute arbitrary code remotely on unpatched devices, allowing them to take over the impacted devices.

Mozi, a peer-to-peer botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT said in a technical write-up.

The main components of the security tool are the Cobalt Strike client - also known as a Beacon - and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate. An attacker starts by spinning up a machine running Team Server that has been configured to use specific "Malleability" customizations, such as how often the client is to report to the server or specific data to periodically send.

An Estonian national has pleaded guilty in a United States court to two counts of computer fraud and abuse over his role in creating and operating a proxy botnet. He then used these devices to create an Internet of Things botnet called "Russian2015," which he operated using the domain Russian2015.