Security News
A fileless worm dubbed FritzFrog has been found roping Linux-based devices - corporate servers, routers and IoT devices - with SSH servers into a P2P botnet whose apparent goal is to mine cryptocurrency. Simultaneously the malware creates a backdoor on the infected machines, allowing attackers to access it at a later date even if the SSH password has been changed in the meantime.
Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.
Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.
Researchers are warning that a new class of botnets could be marshaled and used to manipulate energy markets via zombie armies of power-hungry connected devices such as air conditioners, heaters, dryers and digital thermostats. Researchers with the Georgia Institute of Technology laid out the scenario in a Black Hat 2020 virtual session Wednesday.
A team of researchers from the Georgia Institute of Technology has demonstrated how, in theory, a malicious actor could manipulate the energy market using a botnet powered by high-wattage IoT devices. The Georgia Tech researchers say a threat actor could manipulate the electricity market the same way financial markets can be manipulated: generate an event that causes prices to drop or rise, and buy when the price is low and sell when the price is high.
A Trend Micro research is warning consumers of a major new wave of attacks attempting to compromise their home routers for use in IoT botnets. "Cybercriminals know that a vast majority of home routers are insecure with default credentials and have ramped up attacks on a massive scale. For the home user, that's hijacking their bandwidth and slowing down their network. For the businesses being targeted by secondary attacks, these botnets can totally take down a website, as we've seen in past high-profile attacks."
Guardicore's Botnet Encyclopedia is a new, free tool for security teams tracking suspicious activity in data centers. "We are identifying threats within the data and clarifying them to tell the whole story about an attack," she said.
The coder who created the massive Satori botnet of enslaved devices and a handful of other botnets will be spending 13 months behind bars, the US Attorney's Office of Alaska announced on Friday. In September 2019, he pleaded guilty to operating the Satori botnet, made up of IoT devices, and at least two other botnets; to running a DDoS-for-hire service; to cooking up one of the evolving line of botnets while he was indicted and under supervised release; and to swatting one of his former chums, also while on supervised release.
Researchers said they observed DarkCrewFriends exploiting an unrestricted file upload vulnerability to compromise PHP servers that run websites. "Many applications allow users to upload certain files to their servers, such as images or documents," explained the researchers on Thursday in a blog post.
A 22-year-old man has been sentenced to more than a year in prison for developing Mirai botnet variants that compromised hundreds of thousands of devices worldwide. The man, Kenneth Currin Schuchman, of Vancouver, Wash., was sentenced to 13 months in prison after pleading guilty to creating and operating the Satori/Okiru, Masuta and Tsunami/Fbot botnets.