Search results for botnets | Breaking Cybersecurity News | The Hacker News

This year marks the 40th anniversary of Creeper, the world's first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Besides sheer quantity, viruses, which were originally used as academic proof of concepts, quickly turned into geek pranks, then evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models. In the following story, FortiGuard Labs looks at the most significant computer viruses over the last 40 years and explains their historical significance. 1971: Creeper: catch me if you can While theories on self-replicating automatas were developed by genius mathematician Von Neumann in the early 50s, the first real computer virus was released "in lab" in 1971 by an employee of a company working on building ARPANET, the

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous. Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges. These days, Cyber criminals are hosting malware's Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road  that also offered arms and malware to their users against Bitcoin , one of the popular crypto currency . ChewBacca , a point-

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities. Instead, they often use commonly available tools and exploit multiple vulnerability points. By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership. In this article, we demonstrate a real-life attack that could easily occur in many systems. The attack simulation was developed based on the MITRE ATT&CK framework, Atomic Red Team,  Cato Networks ' experience in the field, and public threat intel. In the end, we explain why a holistic secur

Multiple zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo 360 's Netlab team, who say different attack groups have been using LILIN DVR zero-day vulnerabilities to spread Chalubo , FBot , and Moobot botnets at least since August 30, 2019. Netlab researchers said they reached out to LILIN on January 19, 2020, although it wasn't until a month later the vendor released a firmware update (2.0b60_20200207) addressing the vulnerabilities. The development comes as IoT devices are increasingly being used as an attack surface to launch DDoS attacks and as proxies to engage in various forms of cybercrime. What Are the LILIN Zero-Days About? The flaw in itself concerns a chain of vulnerabilities that make use of hard-coded login cred

The Distributed Denial of Service ( DDoS ) attack has become more sophisticated and complex and therefore has become one of the favorite weapon for the cyber criminals to temporarily suspend the services of any host connected to the Internet and till now nearly every big site had been a victim of this attack, from WordPress to online game websites. According to the new report released by a US based security solutions provider  Incapsula , DDOS activities have become threefold since the start of the year 2013, pointing the key source of trash traffic to be the remotely controlled " zombie army " that can be used to flood various websites by DDoS attacks and other malicious activities. The report site as " DDOS Threat Landscape ", explains that almost one in every three DDoS attacks is above 20Gbps and 81% of attacks feature multiple vector threats. The attackers are becoming more skillful at working around the network security and reusing their DDOS Botnets to attack multi

Not following cybersecurity best practices could not only cost online users but also cost cybercriminals. Yes, sometimes hackers don't take best security measures to keep their infrastructure safe. A variant of IoT botnet, called Owari , that relies on default or weak credentials to hack insecure IoT devices was found itself using default credentials in its MySQL server integrated with command and control (C&C) server, allowing anyone to read/write their database. Ankit Anubhav, the principal security researcher at IoT security firm NewSky Security, who found the botnets, published a blog post about his findings earlier today, detailing how the botnet authors themselves kept an incredibly week username and password combination for their C&C server's database. Guess what the credentials could be? Username: root Password: root These login credentials helped Anubhav gain access to the botnet and fetch details about infected devices, the botnet authors who

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by criminal purposes.  Many of the cybercriminals that have moved operations into  illicit telegram channels  in order to expand their reach and exploits to wider audiences. As a result, many of these illicit Telegram networks have negatively impacted many industries in relation to the increase of cyberattacks and data leaks that have occurred across the globe.  While any industry can be affected by the cybercriminals operating on Telegram, there are several industries that are more significantly impacted by these illicit activities. In this post, we'll cover several of the common illicit activi

U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims' banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What's a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker's "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks

On-demand cloud computing is a wonderful tool for companies that need some computing capacity for a short time, but don't want to invest in fixed capital for long term. For the same reasons, cloud computing can be very useful to hackers.  A lot of hacking activities involve cracking passwords , keys or other forms of brute force that are computationally expensive but highly parallelizable. For a hacker, there are two great sources for on-demand computing: botnets made of consumer PCs and infrastructure-as-a-service (IaaS) from a service provider. Either one can deliver computing on-demand for the purpose of brute force computation. Botnets are unreliable, heterogeneous and will take longer to "provision." But they cost nothing to use and can scale to enormous size. Researchers have found botnets composed of hundreds of thousands of PCs. A commercial cloud computing offering will be faster to provision, have predictable performance and can be billed to

In recent months, we've seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet ) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally.  Before, disclosed that it creates its own hidden partition on the hard drive and uses hidden alternative data streams to hide and thrive. Then ZeroAccess developer changed infection tactics and stopped using kernel-mode components in the latest version Security firms tracked the growth of x64 version infections. But Recently uncovered by SophosLabs that ZeroAccess botnet took a major shift in strategy and operating entirely in user-mode memory. There are two distinct ZeroAccess botnets, and each has a 32-bit version and a 64-bit version, numbering four botnets in total. Each botnet is self-contained because it communicates exclusively on a particular port number hard-coded into the bot executable. The botnets can be categorised based o

Hackers selling cheap BOTNETs and DDOS on forums The Internet has revolutionized shopping around the world. Security researchers F-Secure reported recently in a post that hackers are Selling Cheap DDOS services on Various Forums. Hackers are offering services like distributed denial of service attacks (DDoS), which can be used to knock website offline in just 1 - 2 hours / 2$ per hour. They Posted a Youtube Video in which a young woman advertises DDoS services. " We are here to provide you a cheap professional ddos service.We can hit most large websites/forums game servers.We will test the website/server before accepting your money.Due to the nature of the business we dont offer refunds. " Offer said . There is another Interesting Hacker's Shop ! Moreover, for their assaults, the hackers chiefly utilize botnets, while ignorant operators of computers remain unaware that they've gotten contaminated with malware as also being controlled remotely. " Do you wan

Cyber crime enterprise is showing a growing interest in monetization of botnets , the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus . Zeus is one of the oldest, it is active since 2007, and most prolific malware that changed over time according numerous demands of the black-market. Recently, Underground forums are exploded the offer of malicious codes, hacking services and bullet proof hosting to organize a large scale fraud. Cyber criminals are selling kits at reasonable prices or entire botnets for renting, sometimes completing the offer with information to use during the attacks. The model described, known also as a Fraud-as-a-Service , is winning, malicious code such as Zeus, SpyEye , Ice IX, or even Citadel have benefited of the same sales model, cyber criminals with few hundred dollars are able to design their criminal operation. Since now the sales model and the actor invol

A new malware called  Condi  has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs  said  the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 on Telegram and runs a Telegram channel called Condi Network to advertise their warez. "The Telegram channel was started in May 2022, and the threat actor has been monetizing its botnet by providing DDoS-as-a-service and selling the malware source code," security researchers Joie Salvio and Roy Tay said. An analysis of the malware artifact reveals its ability to terminate other competing botnets on the same host. It, however, lacks a persistence mechanism, meaning the program cannot survive a system reboot. To get around this limitation, the malware deletes multiple binaries that are used to shut down or reboot the

A network of compromised Linux servers has grown so powerful that it can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS ) attacks of over 150 gigabits per second (Gbps). The distributed denial-of-service network, dubbed XOR DDoS Botnet , targets over 20 websites per day , according to an advisory published by content delivery firm Akamai Technologies. Over 90 percent of the XOR DDoS targets are located in Asia, and the most frequent targets are the gaming sector and educational institutions. XOR creator is supposed to be from China, citing the fact that the IP addresses of all Command and Control (C&C) servers of XOR are located in Asia, where most of the infected Linux machines also reside. How XOR DDoS Botnet infects Linux System? Unlike other DDoS botnets , the XOR DDoS botnet infects Linux machines via embedded devices such as network routers and then brute forces a machine's SSH service to gain ro

Rapidly growing, insecure internet-connected devices are becoming albatross around the necks of individuals and organizations with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks. But now finding malicious servers, hosted by attackers, that control botnet of infected machines gets a bit easier. Thanks to Shodan and Recorded Future. Shodan and Recorded Future have teamed up and launched Malware Hunter – a crawler that scans the Internet regularly to identify botnet command and control (C&C) servers for various malware and botnets. Command-and-control servers ( C&C servers ) are centralized machines that control the bots ( computers, smart appliances or smartphones ), typically infected with Remote Access Trojans or data-stealing malware, by sending commands and receiving data. Malware Hunter results have been integrated into Shodan – a search engine designed to gather and list information abo

Botnets, like Mirai , that are capable of infecting Linux-based internet-of-things (IoT) devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service (DDoS) attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings. New research conducted by Russian security firm Doctor Web has revealed that a Linux Trojan, dubbed Linux.ProxyM that cybercriminals use to ensure their online anonymity has recently been updated to add mas spam sending capabilities to earn money. The Linux.ProxyM Linux Trojan, initially discovered by the security firm in February this year, runs a SOCKS proxy server on an infected IoT device and is capable of detecting honeypots in order to hide from malware researchers. Linux.ProxyM can operate on almost all Linux device, including routers, set-top boxes, and other equipment having the following architectures: x86, MIPS, PowerPC, MIPSEL, ARM, Motorola 68000, Superh and SPARC.