Security News

A microcosm of this upward trend involved exploits targeting public information sites and tied to political events, including the war in Ukraine and the midterm elections in the U.S. In response to the rise in politically motivated DDoS attacks, Google is offering a free service called Project Shield to government sites, news and independent journalists, sites related to elections and voting, and sites that cover human rights. The company reported a 400% rise in DDoS attacks on its customers during last year's election season in the U.S. In the second half of 2022, Project Shield saw over 25,000 such attacks against customers, many of them 100,000 queries per second in size.

The fake crimeware-as-a-service offerings that the NCA pretends to operate are so-called booters, also known as stressers, also known as DDoSsers, where DDoS is short for distributed denial of service. In contrast, DDoS attacks are usually much less sophisticated, making them easier for technically inexperienced crooks to take part in, but much more natural-looking, making them harder even for technically experienced defenders to stop.

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks," the law enforcement agency said.

The U.K.'s National Crime Agency revealed today that they created multiple fake DDoS-for-hire service websites to identify cybercriminals who utilize these platforms to attack organizations. NCA says several thousands of people accessed its fake sites, which had a realistic appearance as a genuine booter service.

Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot. ShellBot is installed on servers that have weak credentials, but only after threat actors make use of scanner malware to identify systems that have SSH port 22 open.

A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS swarm with the potential for massive attacks. Akamai's analysts created a C2 of their own and interacted with simulated infections to stage HinataBot for DDoS attacks to observe the malware in action and infer its attack capabilities.

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service attacks. The threat actors behind HinataBot are said to have been active since at least December 2022, with the attacks first attempting to use a generic Go-based Mirai variant before switching to their own custom malware starting from January 11, 2023.

Akamai reports having mitigated the largest DDoS attack ever launched against a customer based in the Asia-Pacific region. DDoS is an attack that involves sending a large volume of garbage requests to a targeted server, depleting its capacity, and thus rendering the websites, applications, or other online services it hosts unreachable by legitimate users.

After your incoming traffic has been scanned, all safe traffic is forwarded to your network or servers for processing through the GRE tunnel. GRE tunnels can transport or forward multicast traffic, which is essential for actions like routing protocol advertisement and for video conferencing applications, while a VPN can only transport unicast traffic.

A series of distributed-denial-of-service attacks shut down nine Danish hospitals' websites for a few hours on Sunday, but did not have any life-threatening impact on the medical centers' operations or digital infrastructure. "Region H the hospitals' websites are down," it read, in Danish.