New Sophisticated Malware

Mandiant is reporting on a new botnet.

The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including:

  • The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types of IoT devices that don’t support antivirus or endpoint detection. This makes detection through traditional means difficult.

Group behind Emotet botnet malware testing new methods to get around Microsoft security

Recent changes to Microsoft automation capabilities may be forcing cybercrime operators to adapt.

The post Group behind Emotet botnet malware testing new methods to get around Microsoft security appeared first on CyberScoop.

US Disrupts Russian Botnet

The Justice Department announced the disruption of a Russian GRU-controlled botnet:

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as “bots,” the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control. …

US says it disrupted Russian botnet ‘before it could be weaponized’

The botnet was being assembled by Russia’s foreign intelligence agency, the GRU, Attorney General Merrick Garland said at a news conference.

The post US says it disrupted Russian botnet ‘before it could be weaponized’ appeared first on CyberScoop.

Sandworm-linked botnet has another piece of hardware in its sights

The CyclopsBlink botnet is now targeting internet routers from hardware maker ASUS, Trend Micro researchers said.

The post Sandworm-linked botnet has another piece of hardware in its sights appeared first on CyberScoop.