Researchers have observed several cyberattacks leveraging a botnet called IZ1H9, which exploits vulnerabilities in exposed devices and servers running on Linux.
31 May 2023
A new report shows that 2022 saw a 300 percent increase in 'carpet bomb' DDoS attacks compared to 2021. Carpet bomb attacks, also known as spread-spectrum or spray attacks, distribute traffic across large IP address spaces. Legacy technology, like standard victim-oriented detection and mitigation detection techniques, often fails to accurately identify these attacks, leading to incomplete mitigation or false positives. Legacy solutions can also simply be overwhelmed by the number of IP addresses involved. The DDoS Threat Intelligence Report from Corero Network Security also reveals over seven times as many Mirai-like DDoS attacks in 2022 than in 2021. These botnet…
[Continue Reading]
17 May 2023
This Tech Tip demonstrates how security engineers can best use rate limits to mitigate distributed denial-of-service attacks.
15 May 2023
New samples of the RapperBot botnet malware have added cryptojacking capabilites to mine for cryptocurrency on compromised Intel x64 machines. [...]
10 May 2023
Cryptomining is a logical partner for an existing IoT-focused DDoS botnet, so the RapperBot authors customized XMRig to make it happen.
10 May 2023
A new malware botnet named 'AndoryuBot' is targeting a critical-severity flaw in the Ruckus Wireless Admin panel to infect unpatched Wi-Fi access points for use in DDoS attacks. [...]
09 May 2023
Ten of the domains targeted today were "reincarnations" of services seized in December 2022.
09 May 2023
The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters.
09 May 2023
The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as 'booter' or 'stressor' services. [...]
08 May 2023
Hackers are running raids during holidays, report warns.
28 April 2023
The group has unleashed numerous attacks against the country during the week of Israel's Independence Day.
27 April 2023
More than 2,000 global organizations — including Fortune 1,000 companies — are at risk to reflective DDoS attacks that exploit a vulnerability discovered in the legacy Internet protocol.
26 April 2023
TP-Link routers in Eastern Europe were the first to be targeted with a high-severity flaw.
26 April 2023
Bug has potential to facilitate 2200x amplification attacks
26 April 2023
A study found that ransomware threats are viewed as having the lowest overall perceived likelihood of attack on the edge.
25 April 2023
A new reflective Denial-of-Service (DoS) amplification vulnerability in the Service Location Protocol (SLP) allows threat actors to launch massive denial-of-service attacks with 2,200X amplification. [...]
25 April 2023
Hyper-volumetric DDoS (distributed denial of service) attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers (VPS). [...]
12 April 2023
Website takedowns driven by Russian hacktivists
04 April 2023
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.
31 March 2023
The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.
28 March 2023