#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Botnet attack | Breaking Cybersecurity News | The Hacker News

Category — Botnet attack
Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

Nov 21, 2024 ICS Security / IoT Security
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis , which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America, and 0.5% in Africa. The countries with the most ICS service exposures include the U.S. (more than 48,000), Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, the U.K., Japan, Sweden, Taiwan, Poland, and Lithuania. The metrics are derived from the exposure of several commonly-used ICS protocols like Modbus, IEC 60870-5-104, CODESYS, OPC UA, and others. One important aspect that stands out is that the attack surfaces are regionally unique: Modbus, S7, and IEC 60870-5-104 are more widely observed in Europe, while Fox, BACnet, ATG, and C-more are more commonly found in North Ame...
Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Mar 21, 2020
Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360 's Netlab team, who say different attack groups have been using LILIN DVR zero-day vulnerabilities to spread Chalubo , FBot , and Moobot botnets at least since August 30, 2019. Netlab researchers said they reached out to LILIN on January 19, 2020, although it wasn't until a month later the vendor released a firmware update (2.0b60_20200207) addressing the vulnerabilities. The development comes as IoT devices are increasingly being used as an attack surface to launch DDoS attacks and as proxies to engage in various forms of cybercrime. What Are the LILIN Zero-Days About? The flaw in itself concerns a chain of vulnerabilities that make use of hard-coded login cred...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

Mar 10, 2020
Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving international police and private tech companies across 35 countries. The operation was conducted successfully after researchers successfully broke the domain generation algorithm (DGA) implemented by the Necurs malware, which helped it remain resilient for a long time. DGA is basically a technique to unpredictably generate new domain names at regular intervals, helping malware authors to continuously switch the location of C&C servers and maintain undisrupted digital communication with the infected machines. "We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective r...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Top 5 Essential Features of Effective Cybersecurity for Web Apps

Top 5 Essential Features of Effective Cybersecurity for Web Apps

Dec 19, 2019
There's hardly any business nowadays that don't use computers and connect to the Internet. Companies maintain an online presence through their official websites, blogs, and social media pages. People use online services to conduct day to day activities like banking. And of course, there are many businesses that are completely based on the web like online markets, e-Commerce websites and financial services. All of these activities create opportunities for cyber attacks. Various threats can affect websites, online services, API endpoints, and the applications used or provided by businesses. Such devastating attacks include privacy intrusion, DDoS attacks , data breaches, defacements of websites, online store shutdowns, scraping, payment fraud, abuse of online services, and backdoor installations. The 2019 Cost of Cybercrime Study by Accenture reports that there has been a 67% increase in cyber attacks over the last five years. The corresponding increase in financial ter...
14 Ways to Evade Botnet Malware Attacks On Your Computers

14 Ways to Evade Botnet Malware Attacks On Your Computers

Dec 18, 2019
Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score. Every manner of sensitive information, such as confidential employee records, customers' financial data, protected medical documents, and government files, are all subject to their relentless threats to cybersecurity . Solutions span a broad spectrum, from training email users to ensuring a VPN kill switch is in place, to adding extensive advanced layers of network protection. To successfully guard against severe threats from hackers, worm viruses to malware, such as botnet attacks, network managers need to use all tools and methods that fit well into a comprehensive cyber defense strategy. Of all the menaces mentioned above to a website owner's peace of mind, botnets arguably present the most unsettling form of security risk. They're not the mere achievements of malicious amateur cybercriminals. They're state...
Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

Sep 19, 2018
Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other "complex" cybercrime cases in return to avoid their lengthy prison terms. Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple charges for their role in creating and hijacking hundreds of thousands IoT devices to make them part of a notorious botnet network dubbed Mirai . Mirai malware scanned for insecure routers, cameras, DVRs, and other Internet of Things (IoT) devices which were using their default passwords and then made them part of a botnet network . The trio developed the Mirai botnet to attack rival Minecraft video gaming hosts, but after realizing that their invention was powerful enough to launch record-breaking DDoS attacks against targets like OVH hosting website, they released the source code of Mirai . The ...
Russian Hacker Pleads Guilty to Operating Kelihos Botnet

Russian Hacker Pleads Guilty to Operating Kelihos Botnet

Sep 13, 2018
The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov , 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges. Levashov, also known by many online aliases including Peter Severa, Petr Levashov, Petr Severa and Sergey Astakhov, has admitted of operating several botnets, including the Storm, Waledac and Kelihos botnets, since the late 1990s until he was arrested in April 2017 . Kelihos botnet, dated back to 2010, was a global network of tens of thousands of infected computers that were used to steal login credentials, send bulk spam emails, and infect computers with ransomware and other malware. Russian Hacker Infects 50,000 Computers With Kelihos Botnet Storm and Waledac botnets also shared Kelihos code, but kelihos was the most notorious botnet of all that alone infect...
Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet

Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet

Dec 13, 2017
The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks last year. According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old Washington) and Dalton Norman (21-year-old from Louisiana) were indicted by an Alaska court last week on multiple charges for their role in massive cyber attacks conducted using Mirai botnet. Mirai is a piece of nasty IoT malware that scans for insecure routers, cameras, DVRs, and other Internet of Things devices which are still using their default passwords and then add them into a botnet network, which is then used to launch DDoS attacks on websites and Internet infrastructure. According to his plea agreement, Jha " conspired to conduct DDoS attacks against websites and web ho...
New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina

New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina

Nov 28, 2017
While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai —the well known IoT botnet malware that wreaked havoc last year. Last week, researchers noticed an increase in traffic scanning ports 2323 and 23 from hundreds of thousands of unique IP addresses from Argentina in less than a day. The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications using two default telnet credential combinations— admin/CentryL1nk and admin/QwestM0dem —to gain root privileges on the targeted devices. Researchers believe (instead "quite confident") this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401 ) in ZyXEL PK5001Z modems. "ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for rem...
Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

Someone is Using Mirai Botnet to Shut Down Internet for an Entire Country

Nov 03, 2016
Note — We have published  an updated article on what really happened behind the alleged DDoS attack against Liberia using Mirai botnet. Someone is trying to take down the whole Internet of a country, and partially succeeded, by launching massive distributed denial-of-service (DDoS) attacks using a botnet of insecure IoT devices infected by the Mirai malware. It all started early October when a cyber criminal publicly released the source code of Mirai – a piece of nasty IoT malware designed to scan for insecure IoT devices and enslaves them into a botnet network, which is then used to launch DDoS attacks. Just two weeks ago, the Mirai IoT Botnet caused vast internet outage by launching massive DDoS attacks against DNS provider Dyn, and later it turns out that just 100,000 infected-IoT devices participated in the attacks. Experts believe that the future DDoS attack could reach 10 Tbps, which is enough to take down the whole Internet in any nation state. One such inc...
New IoT Botnet Malware Discovered; Infecting More Devices Worldwide

New IoT Botnet Malware Discovered; Infecting More Devices Worldwide

Nov 01, 2016
The whole world is still dealing with the Mirai IoT Botnet that caused vast internet outage last Friday by launching massive distributed denial of service (DDoS) attacks against the DNS provider Dyn, and researchers have found another nasty IoT botnet. Security researchers at MalwareMustDie have discovered a new malware family designed to turn Linux-based insecure Internet of Things (IoT) devices into a botnet to carry out massive DDoS attacks. Dubbed Linux/IRCTelnet , the nasty malware is written in C++ and, just like Mirai malware , relies on default hard-coded passwords in an effort to infect vulnerable Linux-based IoT devices. The IRCTelnet malware works by brute-forcing a device's Telnet ports, infecting the device's operating system, and then adding it to a botnet network which is controlled through IRC (Internet Relay Chat) – an application layer protocol that enables communication in the form of text. So, every infected bot (IoT device) connects to a mali...
Malicious Gaming App Infects More than 1 Million Android Users

Malicious Gaming App Infects More than 1 Million Android Users

Jul 12, 2015
It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought. Threat researchers from security firm ESET have discovered a malicious Facebook-Credentials-Stealing Trojan masquerading as an Android game that has been downloaded by more than a Million Android users. Malicious Android Apps downloaded 50,000-1,000,000 times The Android game, dubbed " Cowboy Adventure ," and another malicious game, dubbed " Jump Chess " – downloaded up to 50,000 times, have since been removed from Google Play Store. However, before taking them off from the app store, the creepy game apps may have compromised an unknown number of victims' Facebook credentials . Both the games were created by the same software developer, Tinker Studio and both were used to gather social media credentials from unsuspec...
Hola — A widely popular Free VPN service used as a Giant Botnet

Hola — A widely popular Free VPN service used as a Giant Botnet

May 29, 2015
The bandwidth of Millions of users of a popular free VPN service is being sold without their knowledge in an attempt to cover the cost of its free service, which could result in a vast botnet-for-sale network. " Hola ," a free virtual private network, is designed to help people abroad watch region restricted shows like American Netflix, and other streaming United States media. Hola is selling users' bandwidth: Hola is easy-to-use browser plugin available in the Google Chrome Store with currently more than 6 Million downloads . But, unfortunately, Hola could be used by hackers to maliciously attack websites, potentially putting its users at risk of being involved in illegal or abusive activities. Hola uses a peer-to-peer system to route users' traffic. So, if you are in Denmark and wants to watch a show from America, you might be routed through America-based user's Internet connections. However, Hola is not leaving a chance to make money o...
Beebone Botnet Taken Down By International Cybercrime Taskforce

Beebone Botnet Taken Down By International Cybercrime Taskforce

Apr 10, 2015
U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims' banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What's a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker's "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks...
Expert Insights / Articles Videos
Cybersecurity Resources