#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

DDoS Botnet | Breaking Cybersecurity News | The Hacker News

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
Nov 23, 2023 Vulnerability / Cyber Threat
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and video recorders into a Mirai-based distributed denial-of-service (DDoS) botnet. "The payload targets routers and network video recorder (NVR) devices with default admin credentials and installs Mirai variants when successful," Akamai  said  in an advisory published this week. Details of the flaws are currently under wraps to allow the two vendors to publish patches and prevent other threat actors from abusing them. The fixes for one of the vulnerabilities are expected to be shipped next month. The attacks were first discovered by the web infrastructure and security company against its honeypots in late October 2023. The perpetrators of the attacks have not been identified as yet. The botnet, which has been codenamed InfectedSlurs due to the use of racial and offensive language in the command-and-control (C2) servers and hard-coded strings, is a 

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Nov 14, 2023 Cloud Security / Malware
Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed  OracleIV . "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv_latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir  said . The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script (oracle.sh) from a command-and-control (C&C) server. Oracleiv_latest  purports to be a MySQL image for docker and has been pulled 3,500 times to date. In a perhaps not-so-surprising twist, the image also includes additional instructions to fetch an XMRig miner and its configuration from the same server. That said, the clo

SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework
Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a

FBI Seizes 15 DDoS-For-Hire Websites, 3 Operators Charged

FBI Seizes 15 DDoS-For-Hire Websites, 3 Operators Charged
Dec 21, 2018
The FBI just saved the Christmas. The U.S. Justice Department announced earlier today that the FBI has seized domains of 15 "DDoS-for-hire" websites and charged three individuals running some of these services. DDoS-for-hire , or "Booter" or "Stresser," services rent out access to a network of infected devices, which then can be used by anyone, even the least tech-savvy individual, to launch distributed denial-of-service (DDoS) attacks against any website and disrupt its access. In recent years, multiple hacking groups ruined Christmas Day for millions of gamers by taking down PlayStation, Xbox networks and other gaming servers using massive DDoS attacks. "Booter services such as those named in this action allegedly cause attacks on a wide array of victims in the United States and abroad, including financial institutions, universities, internet service providers, government systems, and various gaming platforms," the DoJ said. &qu

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.

New Mirai Okiru Botnet targets devices running widely-used ARC Processors

New Mirai Okiru Botnet targets devices running widely-used ARC Processors
Jan 15, 2018
The cybersecurity threat landscape has never been more extensive and is most likely to grow exponentially in 2018. Although the original creators of Mirai DDoS botnet have already been arrested and jailed, the variants of the infamous IoT malware are still in the game due to the availability of its source code on the Internet. Security researchers have spotted a new variant of infamous Mirai IoT malware designed to hijack insecure devices that run on ARC embedded processors. Until now, Mirai and its variants have been targeting CPU architectures— including x86, ARM, Sparc, MIPS, PowerPC and Motorola 6800 —deployed in millions of Internet of Things (IoT) devices. Dubbed Okiru , the new Mirai variant, first spotted by @unixfreaxjp from MalwareMustDie team and notified by independent researcher Odisseus , is a new piece of ELF malware that targets ARC-based embedded devices running Linux operating system. " This is the FIRST TIME ever in the history of computer eng

Hackers Targeting Servers Running Database Services for Mining Cryptocurrency

Hackers Targeting Servers Running Database Services for Mining Cryptocurrency
Dec 21, 2017
Security researchers have discovered multiple attack campaigns conducted by an established Chinese criminal group that operates worldwide, targeting database servers for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The researchers from security firm GuardiCore Labs have analyzed thousands of attacks launched in recent months and identified at least three attack variants— Hex, Hanako, and Taylor —targeting different MS SQL and MySQL servers for both Windows and Linux. The goals of all the three variants are different—Hex installs cryptocurrency miners and remote access trojans (RATs) on infected machines, Taylor installs a keylogger and a backdoor, and Hanako uses infected devices to build a DDoS botnet. So far, researchers have recorded hundreds of Hex and Hanako attacks and tens of thousands of Taylor attacks each month and found that most compromised machines are based in China, and some in Thailand, the United States, Japan and others.

Two New Platforms Found Offering Cybercrime-as-a-Service to 'Wannabe Hackers'

Two New Platforms Found Offering Cybercrime-as-a-Service to 'Wannabe Hackers'
Jul 15, 2017
Cybercrime has continued to evolve and today exists in a highly organised form. Cybercrime has increasingly been commercialised, and itself become big business by renting out an expanded range of hacking tools and technologies, from exploit kits to ransomware, to help anyone build threats and launch attacks. In past few years, we have witnessed the increase in the popularity of malware-as-a-service (MaaS), which is today a prosperous business on the underground black market that offers an array of services, including ransomware-as-a-service , DDoS-as-a-service , phishing-as-a-service, and much more. Two such services have recently been spotted by two separate group of researchers, which we have detailed in this article. Ovidiy Stealer — $7 Password-Stealing Malware For Everyone A new credential stealing malware that targets primarily web browsers is being marketed at Russian-speaking web forums for as cheap as $7, allowing anyone with even little technical knowledge to h

More Hacking Groups Found Exploiting SMB Flaw Weeks Before WannaCry

More Hacking Groups Found Exploiting SMB Flaw Weeks Before WannaCry
May 19, 2017
Since the Shadow Brokers released the zero-day software vulnerabilities and hacking tools – allegedly belonged to the NSA's elite hacking team Equation Group – several hacking groups and individual hackers have started using them in their own way. The April's data dump was believed to be the most damaging release by the Shadow Brokers till the date, as it publicly leaked lots of Windows hacking tools , including dangerous Windows SMB exploit. After the outbreak of WannaCry last week, security researchers have identified multiple different campaigns exploiting Windows SMB vulnerability (CVE-2017-0143), called Eternalblue , which has already compromised hundreds of thousands of computers worldwide. I have been even confirmed by multiple sources in hacking and intelligence community that there are lots of groups and individuals who are actively exploiting Eternalblue for different motives. Moreover, the Eternalblue SMB exploit ( MS17-010 ) has now been ported to  Met

Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack

Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack
Nov 14, 2016
Yes, you only need a single laptop with a decent internet connection, rather a massive botnet, to launch overwhelming denial of service (DoS) attacks in order to bring down major Internet servers and modern-day firewalls. Researchers at TDC Security Operations Center have discovered a new attack technique that lone attackers with limited resources (in this case, a laptop and at least 15Mbps of bandwidth) can use to knock large servers offline. Dubbed a BlackNurse attack or the low-rate " Ping of Death " attack, the technique can be used to launch several low-volume DoS attacks by sending specially formed Internet Control Message Protocol (ICMP) packets, or 'pings' that overwhelm the processors on server protected by firewalls from Cisco, Palo Alto Networks, among others. ICMP is a protocol used by routers and other networking devices to send and receive error messages. According to a technical report [ PDF ] published this week, the BlackNurse attack is mo

Creator of MegalodonHTTP DDoS Botnet Arrested

Creator of MegalodonHTTP DDoS Botnet Arrested
Jan 15, 2016
Last month, the Norway police arrested five hackers accused of running the MegalodonHTTP Remote Access Trojan (RAT). The arrests came as part of the joint operation between Norway's Kripos National Criminal Investigation Service and Europol, codenamed " OP Falling sTAR ." According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania, France, and Norway, were charged with possessing, using and selling malware. One of those arrested also confessed to running his own web store where he sold malware, designed to take full control of target computers, harvesting passwords, and other personal data. Moreover, the malware can be used to hijack webcams in real-time, and steal documents, images, and videos as well. "Damballa's threat discovery center worked in cooperation with the Norway police over the last few months to track and identify the author of the malware dubbed MegalodonHTTP," threat
Cybersecurity Resources