Security News

Remote Access Trojan adds ransomware and DDoS attacks to usual bag of tricks. The Remote Access Trojan, or RAT for short, is a powerful tool among cybercriminals as it allows them to fully access and control a compromised computer or device to steal data or launch additional attacks.

Attackers are using a newly released remote access trojan to spread ransomware and distributed denial of service - in addition to the traditional RAT function of backdooring victims' systems. Researchers at Cyble Research Labs discovered the RAT, which they dubbed Borat RAT because it uses a photo of Sacha Baron Cohen, the comedian who created and portrayed the fictional character Borat in a popular series of mockumentary films.

A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially. "The Beastmode Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said.

"The Borat RAT provides a dashboard to Threat Actors to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers. Borat - named after the character made famous by actor Sacha Baron Cohen in two comedy films - comes with the standard requisite of RAT features in a package that includes such functions as builder binary, server certificate and supporting modules.

A Mirai-based distributed denial-of-service botnet tracked as Beastmode has updated its list of exploits to include several new ones, three of them targeting various models of Totolink routers. The authors of DDoS botnets did not waste any time and added these flaws to their arsenal to take advantage of the opportunity window before Totolink router owners applied the security updates.

Distributed Denial-of-service attacks decreased slightly in 2021 but are becoming larger and more complex in nature, an analysis from F5 has found. "The volume of DDoS attacks has fluctuated by quarter, but the unmistakable trend is that these attacks are getting larger," said David Warburton, Director of F5 Labs.

Hackers are compromising WordPress sites to insert a malicious script that uses visitors' browsers to perform distributed denial-of-service attacks on Ukrainian websites. Today, MalwareHunterTeam discovered a WordPress site compromised to use this script, targeting ten websites with Distributed Denial of Service attacks.

During the second half of 2021, cybercriminals launched 9.75 million DDoS attacks, a NETSCOUT report has revealed. These attacks show a 3% decrease from the record number set during the height of the pandemic, yet continuing at a pace that's 14% above pre-pandemic levels.

During the second half of 2021, cybercriminals launched approximately 4.4 million Distributed Denial of Service attacks, bringing the total number of DDoS attacks in 2021 to 9.75 million, a NETSCOUT report reveals. The report details how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path attacks, creating more sophisticated operating procedures for attackers and adding new tactics, techniques, and methods to their arsenals.

The attacks are not just growing in number, but also in scale, as the telecommunications company says IoT botnet and amplifier attack capacity exceeds 10Tbps, a significant increase of three-to-four times the size of attacks previously reported. Last year, Nokia shared its findings as part of its DDoS 2021 report, showing that by mid-year the most impactful DDoS were originating from high-bandwidth, high packet-rate, volumetric DDoS attacks.