Botnets | Breaking Cybersecurity News | The Hacker News

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some of the other flaws weaponized by the distributed denial-of-service (DDoS) botnet include CVE-2013-3307 , CVE-2016-20016 , CVE-2017-5259 , CVE-2018-14558 , CVE-2020-25499 , CVE-2020-8515 , CVE-2022-3573 , CVE-2022-40005 , CVE-2022-44149 , CVE-2023-28771 , as well as those impacting AVTECH IP cameras, LILIN DVRs, and Shenzhen TVT devices. "The operator of AIRASHI has been posting their DDoS capability test results on Telegram," XLab said. "From historical data, it can be observed that the attack capacity of the AIRASHI botnet remains stable around 1-3 Tbps." A majority ...

A group of cyber criminals has infected as much as 1 Million computers around the world over the past two years with a piece of malware that hijacks search results pages using a local proxy. Security researchers from Romania-based security firm Bitdefender revealed the presence of this massive click-fraud botnet, which the researchers named Million-Machine Campaign. For those unaware, Botnets are networks of computers infected with malware designed to take control of the infected system without the owner's knowledge, potentially being used for launching distributed denial-of-service (DDoS) attacks against websites. The malware in question is known as Redirector.Paco that alone has infected over 900,000 machines around the world since its release in 2014. The Redirector.Paco Trojan infects users when they download and install tainted versions of popular software programs, such as WinRAR, YouTube Downloader, KMSPico, Connectify, or Stardock Start8. Once infected, Paco m...

When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report , 57% of companies experience over 20 insider-related security incidents a year, with human error involved in 68% of data breaches. With that, insider attacks result in the highest costs, averaging USD 4.99 million per attack, as per the 2024 Cost of a Data Breach Report by IBM Security.  What are insider threats? An insider threat originates from within an organization – it's the potential for anyone with authorized access to your critical systems to misuse their access, harming your organization. The worst part is that insiders are already within your IT perimeter and are familiar with your internal security prot...

Social Networking giant Facebook has just launched a new platform called ThreatExchange , which is designed to mount a coordinated defense against cybercrime. Many security professionals rely largely on manual methods for collecting, analyzing, and consuming information about latest cyber security threats such as malware and botnets . Whereas, Mark Zuckerberg's ThreatExchange is a unique social media platform where multiple organizations can sign up and share information about new threats to cyber security, new types of hacks, phishing attacks and malicious activities they may have experienced. COLLABORATE AND TAKE ACTION Facebook is currently using a threat analysis framework called " ThreatData " to discover and tackle scams and cybercrimes, but with the growth in the magnitude of cyber attacks, Facebook believes that better communication between companies could help stamp them out. " We quickly learned that sharing with one another was key to bea...

A new Cyber Crimeware kit arrived in Hacking scenes called 'PiceBOT' just like other Latin American botnets such as vOlk (Mexico) & S.A.P.Z (Peru) and  cost just $140 in underground market for Cyber criminals. Like other amazing exploit kits, the main purpose is the distribution of malware that steals financial information through local pharming attacks. Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely. Once infected, these machines may also be referred to as 'zombies'. Kaspersky uncovered that this kit has already been adopted by Latin American cyber criminals to target clients of major banks and so far financial bodies from Chile, Peru, Panama, Costa Rica, Mexico, Colombia, Uruguay, Venezuela, Ecuador, Nicaragua and Argentina under attack. Detected as  Trojan-Dropper.Win32.Injector , the malware having couple of dozen variants. Malware is sti...

The U.S. Department of Justice said on Tuesday that they've arrested 10 suspects from from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States involved in a global botnet operation that infected more than 11 million systems. The ring is said to have caused more than $850m in losses in one of the largest cyber crime hauls in history. Officials said international cyber crime rings linked to Butterfly (aka Mariposa) botnet, first discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims. FBI said , " Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, a...

Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently. " The malware is Backdoor.Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author ," Symantec. The service - ProxyBox - supposedly provides access to its entire list of thousands of proxies for only $40 a month, which is obviously too cheap a price for the provider to break eve...

On-demand cloud computing is a valuable tool for companies needing temporary computing capacity without long-term investment in fixed capital. However, this same convenience makes cloud computing useful to hackers. Many hacking activities involve cracking passwords , keys, or other forms of brute force attacks. These processes are computationally intensive but highly parallelizable. Hackers have two main sources for on-demand computing: botnets made of consumer PCs and infrastructure-as-a-service (IaaS) from service providers. Both can deliver computing power on demand for brute force attacks. Botnets are unreliable and heterogeneous, taking longer to "provision." However, they are free to use and can scale to enormous sizes, with some botnets comprising hundreds of thousands of PCs. On the other hand, commercial cloud computing offers faster provisioning, predictable performance, and can be billed to a stolen credit card . The balance of power between security controls ...