Mirai Botnet Spinoffs Cause Global DDoS Attack Wave

Distributed denial-of-service (DDoS) attacks have resurged, driven by separate spinoffs of the notorious Mirai botnet. The attacks have caused disruptions globally: one group is exploiting specific vulnerabilities in Internet of Things (IoT) devices to build expansive botnets, while another has been targeting organizations in North America, Europe, and Asia since the end of 2024.

One of these spinoffs, dubbed “Murdoc_Botnet,” has been actively targeting Avtech cameras and Huawei HG532 routers, according to researchers from Qualys. This operation, which started in July and currently involves over 1,300 active IPs, has been using exploits for known vulnerabilities such as CVE-2024-7029 and CVE-2017-17215 to download next-stage payloads onto compromised devices. Most of the IP addresses associated with this campaign are concentrated in Malaysia, Thailand, Mexico, and Indonesia.

Qualys researchers have identified more than 100 sets of servers linked to the Murdoc botnet, each performing specific tasks to facilitate the ongoing campaign. In their investigation, they found over 500 samples containing files associated with this botnet, indicating a sophisticated and widespread operation targeting various IoT devices.

Meanwhile, another botnet, which combines malware variants derived from Mirai and Bashlite, has been exploiting security flaws and weak credentials in IoT devices to launch DDoS attacks worldwide. Researchers at Trend Micro have observed a significant increase in DDoS attacks against Japanese organizations at the end of 2024, which later expanded into a global campaign affecting companies in the US, Bahrain, Poland, Spain, and other countries. The primary targets of these attacks have been wireless routers and IP cameras from reputable brands such as TP-Link, Zyxel, and Hikvision.

The attackers behind these campaigns have been exploiting flaws in the targeted devices, along with weak passwords, to compromise them and enlist them in their botnets. The attacks employ different strategies, including overloading networks with a large number of packets and exhausting server resources by establishing numerous sessions. Mitigation efforts recommended by Trend Micro include blocking specific IP addresses or protocols, collaborating with service providers to filter traffic, and strengthening router hardware to handle increased packet processing.

As the threat of Mirai-related botnets continues to evolve, organizations are advised to monitor their networks for suspicious activity, exercise caution when executing scripts from untrusted sources, and implement robust security measures to defend against DDoS attacks. By staying vigilant and proactive, businesses can better protect themselves from the growing menace of botnet-driven cyberattacks.
