#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

botnet | Breaking Cybersecurity News | The Hacker News

Friday's Massive DDoS Attack Came from Just 100,000 Hacked IoT Devices

Friday's Massive DDoS Attack Came from Just 100,000 Hacked IoT Devices
Oct 27, 2016
Guess how many devices participated in last Friday's massive DDoS attack against DNS provider Dyn that caused vast internet outage? Just 100,000 devices. I did not miss any zeros. Dyn disclosed on Wednesday that a botnet of an estimated 100,000 internet-connected devices was hijacked to flood its systems with unwanted requests and close down the Internet for millions of users. Dyn executive vice president Scott Hilton has issued a statement , saying all compromised devices have been infected with a notorious Mirai malware that has the ability to take over cameras, DVRs, and routers. "We're still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints," Hilton said. "We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets." Mirai malware scans for Internet of Things (IoT) devices that are still using their default passwords and then enslaves those

Chinese Electronics Firm to Recall its Smart Cameras recently used to Take Down Internet

Chinese Electronics Firm to Recall its Smart Cameras recently used to Take Down Internet
Oct 24, 2016
You might be surprised to know that your security cameras, Internet-connected toasters and refrigerators may have inadvertently participated in the massive cyber attack that broke a large portion of the Internet on Friday. That's due to massive Distributed Denial of Service (DDoS) attacks against Dyn, a major domain name system (DNS) provider that many sites and services use as their upstream DNS provider for turning IP addresses into human-readable websites. The result we all know: Twitter, GitHub, Amazon, Netflix, Pinterest, Etsy, Reddit, PayPal, and AirBnb, were among hundreds of sites and services that were rendered inaccessible to Millions of people worldwide for several hours. Why and How the Deadliest DDoS Attack Happened It was reported that the Mirai bots were used in the massive DDoS attacks against DynDNS, but they "were separate and distinct" bots from those used to execute record-breaking DDoS attack against French Internet service and hosting

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Source Code for IoT botnet responsible for World's largest DDoS Attack released Online

Source Code for IoT botnet responsible for World's largest DDoS Attack released Online
Oct 03, 2016
With rapidly growing Internet of Thing (IoT) devices, they have become a much more attractive target for cybercriminals. Just recently we saw a record-breaking Distributed Denial of Service (DDoS) attacks against the France-based hosting provider OVH that reached over one Terabit per second (1 Tbps), which was carried out via a botnet of infected IoT devices. Now, such attacks are expected to grow more rapidly as someone has just released the source code for IoT botnet, which was 'apparently' used to carry out world's largest DDoS attacks. Internet of Things-Botnet 'Mirai' Released Online Dubbed Mirai , the malware is a DDoS Trojan that targets BusyBox systems , a collection of Unix utilities specifically designed for embedded devices like routers. The malware is programmed to hijack connected IoT devices that are using the default usernames and passwords set by the factory before devices are first shipped to customers. Spotted by Brian Krebs , the

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack

IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack
Jun 28, 2016
The Internet of Things (IoTs) or Internet-connected devices are growing at an exponential rate and so are threats to them. Due to the insecure implementation, these Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Set-top boxes, Security Cameras and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen how hackers literally turned more than 100,000 Smart TVs and Refrigerator into the cyber weapon to send out millions of malicious spam emails for hacking campaigns; we have also seen how hackers abused printers and set-top-boxes to mine Bitcoins. And now… Cyber crooks are hacking CCTV cameras to form a massive botnet that can blow large websites off the Internet by launching Distributed Denial-of-service (DDoS) attacks. Researchers at Security firm Sucuri came across a botnet of over 25,000 CCTV cameras targeting business around the globe while defending a small jewelry shop against a DDoS attack . Al

Hackers behind Dyre Malware Busted in Police Raid

Hackers behind Dyre Malware Busted in Police Raid
Feb 08, 2016
The world's most notorious financial hacking operation disrupted by Russian authorities in November, when they raided the offices associated with a Moscow-based film and production company named 25th Floor . According to the Russian authorities, 25th Floor was allegedly involved in distributing the notorious password-stealing malware known as Dyre Banking Trojan . Malware Costs Hundreds of $$$ Millions in Losses The Dyre banking Trojan was typically distributed via spam campaigns and was responsible for over hundreds of millions of dollars in losses at banking and financial institutions, including Bank of America Corp, PayPal, and JPMorgan Chase & Co. Dyre , also known as Dyreza , first appeared in July 2014 and updated to target Windows 10 systems and its newest Edge browser. However, Dyre has not been in use since the November raid, according to cyber security experts, who said the raid represents Russia's biggest effort up to date in cracking down

Creator of MegalodonHTTP DDoS Botnet Arrested

Creator of MegalodonHTTP DDoS Botnet Arrested
Jan 15, 2016
Last month, the Norway police arrested five hackers accused of running the MegalodonHTTP Remote Access Trojan (RAT). The arrests came as part of the joint operation between Norway's Kripos National Criminal Investigation Service and Europol, codenamed " OP Falling sTAR ." According to the United States security firm, all the five men, aged between 16 and 24 years and located in Romania, France, and Norway, were charged with possessing, using and selling malware. One of those arrested also confessed to running his own web store where he sold malware, designed to take full control of target computers, harvesting passwords, and other personal data. Moreover, the malware can be used to hijack webcams in real-time, and steal documents, images, and videos as well. "Damballa's threat discovery center worked in cooperation with the Norway police over the last few months to track and identify the author of the malware dubbed MegalodonHTTP," threat

New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps

New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps
Sep 30, 2015
A network of compromised Linux servers has grown so powerful that it can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS ) attacks of over 150 gigabits per second (Gbps). The distributed denial-of-service network, dubbed XOR DDoS Botnet , targets over 20 websites per day , according to an advisory published by content delivery firm Akamai Technologies. Over 90 percent of the XOR DDoS targets are located in Asia, and the most frequent targets are the gaming sector and educational institutions. XOR creator is supposed to be from China, citing the fact that the IP addresses of all Command and Control (C&C) servers of XOR are located in Asia, where most of the infected Linux machines also reside. How XOR DDoS Botnet infects Linux System? Unlike other DDoS botnets , the XOR DDoS botnet infects Linux machines via embedded devices such as network routers and then brute forces a machine's SSH service to gain ro

These Are The FBI's Most Wanted Hackers — Total $4.2 Million Reward

These Are The FBI's Most Wanted Hackers — Total $4.2 Million Reward
Jul 01, 2015
The US State Department and the Federal Bureau of Investigation are willing to pay a total $4.2 Million for information leading to the arrest and/or conviction of top 5 most wanted cyber criminals accused of conducting frauds of hundreds of millions of dollars. Evgeniy Bogachev,30; Nicolae Popescu, 34; Alexsey Belan, 28; Peteris Sahurovs, 26; and Shailesh Kumar Jain, 45; are in the list of FBI's Top 5 most-wanted hackers. 1. Evgeniy Mikhailovich Bogachev | Reward - $3 MILLION Evgeniy Mikhailovich Bogachev , also known under the aliases "lucky12345," "Slavik," and "Pollingsoon," is the mastermind behind the GameOver Zeus botnet , which was allegedly used by criminals to infect more than 1 Million computers, resulting in up to $100 Million in losses since 2009. Besides GameOver Zeus botnet, Bogachev is also accused of developing CryptoLocker Ransomware , which was designed to extort money from computer victims by holding their system

Beebone Botnet Taken Down By International Cybercrime Taskforce

Beebone Botnet Taken Down By International Cybercrime Taskforce
Apr 10, 2015
U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims' banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What's a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker's "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks

Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers

Europol Takes Down RAMNIT Botnet that Infected 3.2 Million Computers
Feb 25, 2015
It seems like the world has declared war against the Cyber Criminals. In a recent update, we reported that FBI is offering $3 Million in Reward for the arrest of GameOver Zeus botnet mastermind, and meanwhile British cyber-police has taken down widely-spread RAMNIT botnet . The National Crime Agency (NCA) in a joint operation with Europol's European Cybercrime Centre (EC3) and law enforcement agencies from Germany, Italy, the Netherlands, and the United Kingdom has taken down the Ramnit "botnet", which has infected over 3.2 million computers worldwide, including 33,000 in the UK. Alike GameOver Zeus, RAMNIT is also a ' botnet ' - a network of zombie computers which operate under criminal control for malicious purposes like spreading viruses, sending out spam containing malicious links, and carrying out distributed denial of service attacks (DDoS) in order to bring down target websites. RAMNIT believes to spread malware via trustworthy links se

FBI Offers $3 Million Reward For Arrest Of Russian Hacker

FBI Offers $3 Million Reward For Arrest Of Russian Hacker
Feb 25, 2015
The US State Department and the Federal Bureau of Investigation announced Tuesday a $3 Million reward for the information leading to the direct arrest or conviction of Evgeniy Mikhailovich Bogachev , one of the most wanted hacking suspects accused of stealing hundreds of millions of dollars with his malware. This is the highest bounty U.S. authorities have ever offered in any cyber case in its history. The 30-year-old Russian man who, according to bureau, is an alleged leader of a cyber criminal group who developed the GameOver Zeus botnet . STOLE MORE THAN $100 MILLION Evgeniy Mikhailovich Bogachev, also known under the aliases " lucky12345 ," " Slavik ," and " Pollingsoon, " was the mastermind behind the GameOver Zeus botnet , which was allegedly used by cybercriminals to infect more than 1 Million computers and resulted in more than $100 Million in losses since 2011. GameOver Zeus makes fraudulent transactions from online bank account

Over 17000 Mac Machines Affected by 'iWorm' Botnet Malware

Over 17000 Mac Machines Affected by 'iWorm' Botnet Malware
Oct 06, 2014
A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned. According to a survey of traffic conducted in September by researchers at Dr. Web, over 17,000 Macs globally are part of the Mac.BackDoor.iWorm botnet , which creates a backdoor on machines running OS X. Researchers say almost a quarter of iWorm botnet are located in the US. The most interesting thing to notice about this botnet is that it uses a special method of spreading via a search service of Reddit posts to a Minecraft server list subreddit to collect the IP addresses for its command and control (CnC) network. The user who had posted that subreddit data has now been shut down though the malware creators are likely to form another server list. " It is worth mentioning that in order to acquire a control server add

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks
Sep 27, 2014
Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell ( Bash ), dubbed " Shellshock " which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well. BOTNET ATTACK IN THE WILD The bot was discovered by the security researcher with the Twitter handle @yinettesys , who reported it on Github and said it appeared to be remotely controlled by miscreants, which indicates that the vulnerability is already being used maliciously by the hackers. The vulnerability (CVE-2014-6271) , which came to light on Wednesday, affects versions 1.14 through 4.3 of GNU Bash and could become a dangerous threat to Linux/Unix and Apple users if the patches to BASH are not applied to the operating systems. However, the patches for the vulnerabil

Malicious Advertisements Found on Java.com, Other High-Profile Sites

Malicious Advertisements Found on Java.com, Other High-Profile Sites
Aug 29, 2014
A New York-based online ad network company AppNexus, that provides a platform specializing in real-time online advertising, has again been spotted as the origin of a recent "malvertising" campaign that makes use of the Angler Exploit Kit to redirect visitors to malicious websites hosting the Asprox malware. AppNexus servers process 16 billion ad buys per day, making it the biggest reach on the open web after Google. Back in May, AppNexus was serving malicious ads targeting Microsoft's Silverlight platform. The world's largest Internet Video Subscription service Netflix runs on Silverlight, and because of its popularity, hackers have been loading exploit kits with Silverlight. As part of this campaign, users of several high-profile websites including Java.com, Deviantart.com, TMZ.com, Photobucket.com, IBTimes.com, eBay.ie, Kapaza.be and TVgids.nl , last week were redirected to websites serving malicious advertisements that infected visitors by installing botnet ma

FBI — Botnets Infecting 18 Computers per Second. But How Many of Them NSA Holds?

FBI — Botnets Infecting 18 Computers per Second. But How Many of Them NSA Holds?
Jul 17, 2014
Botnets - a secretly compromised networks of ordinary home and office computers with rogue software or "malware" that are controlled by an individual criminal or a group - has dramatically increased over the past several years and are considered to pose the biggest threat to the Internet. Cyber criminals have brushed-up their hacking skills and are using Botnets as a cyber weapon to carry out multiple crimes like DDoS attacks (distributed denial of service), mass spamming, page rank and advertising revenue manipulation, mining bitcoins, cyber espionage and surveillance etc. 18 BOTNET INFECTIONS PER SECOND According to the director of FBI's cyber division, Joseph Demarest, Botnet has become one of the biggest enemies of the Internet today, and therefore its impact has been significant. Yesterday during a hearing before a U.S. Senate committee, he says that every second 18 computers worldwide are part of botnet armies, which amounts to over 500 million comp

After Takedown, GameOver Zeus Banking Trojan Returns Again

After Takedown, GameOver Zeus Banking Trojan Returns Again
Jul 12, 2014
A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet's operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users' computers and collectively formed a massive botnet. GAMEOVER ZEUS TROJAN The massive botnet, essentially a collection of zombie computers, specifically was designed to steal banking passwords with the capability to perform Denial of Service (DoS) attacks on banks and other financial institutions in order to deny legitimate users access to the site, so that the thefts kept hidden from the users. As a result of it, Gameover ZeuS' developers have stolen more than $100 million from banks, businesses and consumers worldwide. NEW GAMEOVER ZEUS TROJAN On Thursday, security researchers at the security firm Malcovery came across a series of new spam campaigns that were distributing a piece of malware based on the Gameover Zeus code which
Cybersecurity Resources