Security News

A new DDoS-as-a-Service platform named 'Passion' was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe. "The Passion Botnet was leveraged during the attacks on January 27th, targeting medical institutions in the USA, Portugal, Spain, Germany, Poland, Finland, Norway, Netherlands, and the United Kingdom as retaliation for sending tanks in support of Ukraine," said Radware researchers.

In brief Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events with a series of DDoS attacks on German infrastructure and government websites in response to the country's plan to send tanks to Ukraine. Germany announced the transfer of 14 Leopard 2 A6 tanks to Ukraine on Wednesday, jointly with the US saying it would send 31 M1 Abrams tanks to the besieged nation.

DDoS attacks are getting larger and more complex moving towards mobile networks and IoT, which are now used in cyberwarfare. In this Help Net Security video, Steve Winterfeld, Advisory CISO at Akamai, discusses the most powerful DDoS attacks in the past 12 months.

A new Linux malware downloader created using SHC has been spotted in the wild, infecting systems with Monero cryptocurrency miners and DDoS IRC bots. According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.

According to NCC Group's Global Threat Intelligence team, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.

An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors. KmsdBot is a Go-based malware that leverages SSH to infect systems and carry out activities like cryptocurrency mining and launch commands using TCP and UDP to mount distributed denial-of-service attacks.

A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. "Our analysis of the DDoS botnet revealed functionalities specifically designed to target private Minecraft Java servers using crafted packets, most likely as a service sold on forums or darknet sites," explains the new report by Microsoft.

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts.

In addition to a total of seven suspected booter site administrators detained thus far, "Further actions [are] planned against the users of these illegal services," the European cops said. While some of the sites claimed to offer "Stresser" services, ostensibly to help organizations test whether their networks could withstand a DDoS flood, after reviewing "Thousands of communications between booter site administrators and their customers; these communications make clear that both parties are aware that the customer is not attempting to attack their own computers," according to an FBI affidavit [PDF] filed in support of court-authorized warrants to seize the sites.

In DDoS Protection, Gcore uses the bundle of XDP and regular expressions. There are two approaches to filtering out malicious traffic in DDoS Protection: packet parsers and handling regular expressions.