The dreaded Mirai distributed denial of service (DDoS) botnet could be making a return after researchers spotted a lookalike botnet that was rapidly expanding.
Cybersecurity researchers from Fortinet recently observed a botnet called IZ1H9 that added a dozen new payloads. The botnet is based on Mirai and targets routers from nearly a dozen manufacturers, which are vulnerable to multiple flaws. The routers targeted by new payloads include those built by D-Link, Netis, Sunhillo, Geutebruck, Yealink, Zyxel, TP-Link, Korenix, TOTOLINK, and possibly Prolink. The vulnerabilities that the hackers are targeting with these payloads date from 2015 to 2023.
Apparently, exploitation numbers peaked in early September 2023, reaching “tens of thousands” of attempts on vulnerable endpoints.
Add more bots
DDoS attacks are a common tactic among cybercriminals, disrupting Internet-facing websites and services. They overwhelm the target servers by sending obscene amounts of traffic their way, until the servers can no longer handle all the requests and simply crash. Although it may seem trivial, especially since the average DDoS attack lasts less than 10 minutes, the attacks can cause all kinds of damage to a company (especially financial damage) and last painfully long.
DDoS attacks are often used in synergy with other forms of cyber attacks. In some cases, threat actors would disable the victim’s back-end with ransomware, and the front-end with DDoS. They would then demand payment in cryptocurrency in exchange for both the decryption key for the data in the back-end and for restoring the front-end.
In order to overwhelm a server, a botnet needs many endpoints, or bots, to send numerous data requests. That is why botnets strive to compromise and assimilate as many devices as possible. Routers, connected TVs, smart home appliances and anything else that connects to the internet can be used. Google recently said it repelled the largest DDoS attack ever, peaking at nearly 400 million requests per second.
Via BleepingComputer