Security News
DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine. Kaspersky recently released findings that the number of DDoS attacks are the most frequent they have ever been and dwarf the rate of DDoS attacks from just a year prior.
Kaspersky has released a report showing Distributed Denial of Service attacks hit an all-time-high in the first quarter of 2022. The attacks detected by the security outfit easily surpassed those of the previous quarter and were up 46 per cent on the same time last year.
A threat group that pursues crypto mining and distributed denial-of-service attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things devices since last month. "This botnet is mainly derived from Gafgyt's source code but has been observed to borrow several modules from Mirai's original source code," Fortinet FortiGuard Labs said in a report this week.
A rapidly growing botnet is ensnaring routers, DVRs, and servers across the Internet to target more than 100 victims every day in distributed denial-of-service attacks. The number of unique IP addresses linked to the botnet also oscillates, with 360 Netlab saying that they're tracking a 10,000-strong Fodcha army of bots using Chinese IP addresses every day, most of them using the services of China Unicom and China Telecom.
A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec. The particular threat group specializes in crypto-mining and DDoS; both supported by botnet malware that can nest in IoT devices and hijack their computational resources.
It should be noted that RDDoS attacks are launched by a different type of threat actors than ransomware gangs, who use DDoS to add more pressure on the victim on top of file encryption and the threat to publish stolen data. Cloudflare reports that ransom DDoS attacks have dropped drastically in 2022, with only 17% of its DDoS-targeted clients reporting an extortion in January, 6% in February, and just 3% in March.
Remote Access Trojan adds ransomware and DDoS attacks to usual bag of tricks. The Remote Access Trojan, or RAT for short, is a powerful tool among cybercriminals as it allows them to fully access and control a compromised computer or device to steal data or launch additional attacks.
Attackers are using a newly released remote access trojan to spread ransomware and distributed denial of service - in addition to the traditional RAT function of backdooring victims' systems. Researchers at Cyble Research Labs discovered the RAT, which they dubbed Borat RAT because it uses a photo of Sacha Baron Cohen, the comedian who created and portrayed the fictional character Borat in a popular series of mockumentary films.
A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially. "The Beastmode Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said.
"The Borat RAT provides a dashboard to Threat Actors to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers. Borat - named after the character made famous by actor Sacha Baron Cohen in two comedy films - comes with the standard requisite of RAT features in a package that includes such functions as builder binary, server certificate and supporting modules.