Security News
A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge interfaces to infect Android devices and ensnare them into its network.
Independent of who uses them, denial of service attacks can be particularly disruptive and damaging for organizations targeted by cybercriminals. TechRepublic's cheat sheet on denial of service attacks is a comprehensive guide to this topic.
Several companies that provide services for mitigating distributed denial-of-service attacks reported seeing records being broken in 2020. In a report published on Tuesday, Akamai said it saw the largest global DDoS extortion campaign, more customers attacked than in any other previous year, the largest ever attack in terms of million packets per second, and a record number of new customers that urgently needed protection due to an ongoing or imminent attack.
For many enterprises, 2020 was a tough year for cyberattacks, with dozens suffering from devastating DDoS attacks due to the newfound reliance on digital tools, according to a new report from cybersecurity firm Akamai. "In fact, across all attacks, 7 of the 11 industries we track saw more attacks in 2020 than any year to date. Think about that. This was led by huge jumps in Business Services, Education, Financial Services, Retail & Consumer Goods, and Software & Tech," the report said.
Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom. In October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victim's network or web site as an extra tool to force them to pay a ransom.
Netscout so far has identified more than 14,000 "abusable" Windows RDP servers that can be misused by attackers in DDoS attacks - troubling news at a time when this type of attack is on the rise due to the increased volume of people online during the ongoing coronavirus pandemic. What's more, while initially only advanced attackers with access to "bespoke DDoS attack infrastructure" used this method of amplification, researchers also observed RDP servers being abused in DDoS-for-hire services by so-called "booters," they said.
Windows admins can configure RDP to run on TCP port 3389 or UDP port 3389, and if the latter is enabled, the system can be abused to launch DDoS attacks that have an amplification ratio of 85.9:1. The company has reported seeing roughly 14,000 unprotected RDP servers that can be abused for such attacks.
Jack Wallen walks you through some of the steps you can take to check for and mitigate distributed denial of service attacks on a Linux server. Recently I wrote a piece on how to detect and stop a DoS attack on Linux.
Now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients - including the Internet addresses currently occupied by Parler. Much like Internet infrastructure firm CloudFlare, DDoS-Guard typically doesn't host sites directly but instead acts as a go-between to simultaneously keep the real Internet addresses of its clients confidential and to protect them from crippling Distributed Denial-of-Service attacks.
Windows Remote Desktop Protocol servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service attacks. The Microsoft RDP service is a built-in Windows service running on TCP/3389 and/or UDP/3389 that enables authenticated remote virtual desktop infrastructure access to Windows servers and workstations.