CyberSecurity news

FlagThis - #ddos

CISO2CISO Editor 2@ciso2ciso.com - 40d
Cloudflare successfully mitigated a record-breaking 5.6 Tbps Distributed Denial of Service (DDoS) attack on October 29, 2024. The attack, launched by a Mirai-variant botnet, targeted an internet service provider (ISP) in East Asia. The botnet comprised 13,000 compromised IoT devices flooding the target with malicious data, which aimed to cripple the ISP's operations.

The attack lasted only 80 seconds, but Cloudflare's autonomous defense systems promptly identified and mitigated the anomalous traffic without human intervention, intercepting and neutralizing the malicious data at Cloudflare's edge nodes. Each IP address within the botnet generated an average of approximately 4 Gbps of traffic. The successful defense highlights the escalating sophistication and scale of DDoS threats, with hyper-volumetric attacks exceeding 1 Tbps increasing dramatically. This incident underscores the importance of robust DDoS mitigation strategies and the need for continuous evolution in network security.

References:
  • ciso2ciso.com: New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers – Source: www.infosecurity-magazine.com
  • securityaffairs.com: New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers
  • The Hacker News: Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
  • Techzine Global: Mirai variant Murdoc_Botnet targets cameras and routers
  • discuss.privacyguides.net: New botnet network targets Avtech cameras and Huawei HG532 routers
  • hackread.com: New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits
  • bsky.app: Interesting research from Qualys here where they found a botnet that’s infected vulnerable AVTECH cameras and Huawei routers.
  • cyberpress.org: New IoT Botnet Launching large-scale DDoS attacks Hijacking IoT Devices
  • gbhackers.com: New IoT Botnet Launching Large-Scale DDoS attacks Hijacking IoT Devices
  • securityonline.info: IoT Botnet Fuels Large-Scale DDoS Attacks Targeting Global Organizations
  • ciso2ciso.com: Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers – Source: thehackernews.com
  • ciso2ciso.com: New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits
  • ciso2ciso.com: Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices.
  • ciso2ciso.com: Details about the mitigation of the DDoS attack.
  • gbhackers.com: Record Breaking 5.6 Tbps DDoS attack Launched by Mirai Botnet
  • ciso2ciso.com: Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack – Source: hackread.com
  • securityonline.info: Mirai Botnet Unleashes Record-Breaking DDoS Attack, Cloudflare Thwarts Threat
  • hackread.com: Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
  • gbhackers.com: Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc, which has been targeting AVTECH cameras and Huawei HG532 routers since at least July 2024.
  • BleepingComputer: The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices.
  • securityonline.info: On October 29, 2024, Cloudflare revealed details of a DDoS attack orchestrated using a Mirai botnet comprising 13,000
  • blog.cloudflare.com: In 2024, Cloudflare's autonomous DDoS defense systems blocked 21.3M DDoS attacks, up 53% YoY, and 420 DDoS attacks in Q4 2024 exceeded 1 Tbps, up 1,885% QoQ (The Cloudflare Blog)
  • Cloudflare thwarts a massive 5.6 Tbps Mirai-variant DDoS attack targeting one of its customers

MalBot@malware.news - 52d
Check Point Research has identified a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cybercriminals that targets macOS users. This updated version of the Banshee stealer uses the same string encryption algorithm as Apple's XProtect antivirus engine, allowing it to evade detection. The stealer operates as a 'stealer-as-a-service' and is used to steal browser credentials, cryptocurrency wallets, user passwords, and sensitive file data. It was initially distributed through malicious GitHub repositories and phishing websites, which also targeted Windows users with Lumma Stealer.

The Banshee malware has seen a number of changes, with its original source code being leaked on underground forums, which ultimately led to the author shutting down their operations. Despite the shutdown, threat actors continue to distribute this new version of Banshee via phishing websites. The malware is designed to infiltrate macOS systems, using anti-analysis methods to evade debugging tools and antivirus engines and blending into legitimate processes. It has the ability to compromise cryptocurrency wallets, steal sensitive data, and deceive users with fake pop-ups into revealing their passwords.

References:
  • ciso2ciso.com: New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices – Source: www.infosecurity-magazine.com
  • malware.news: Industrial router zero-day leveraged by new Mirai-based botnet
  • www.scworld.com: Industrial router zero-day leveraged by new Mirai-based botnet
  • gbhackers.com: Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers
  • securityonline.info: “Gayfemboy” Botnet Leveraging 0-Day Exploit in Four-Faith Industrial Routers
  • Check Point Research: Since September, Check Point Research has been monitoring a new version of the Banshee macOS stealer, a malware linked to Russian-speaking cyber criminals targeting macOS users.
  • malware.news: Banshee: The Stealer That “Stole Code” From MacOS XProtect
  • research.checkpoint.com: Banshee: The Stealer That “Stole Code” From MacOS XProtect
  • securityonline.info: Malware Alert: Banshee Stealer Targets macOS Users
  • www.bleepingcomputer.com: Banshee stealer evades detection using Apple XProtect encryption algo
  • www.sentinelone.com: Banshee: The Stealer That “Stole Code” From MacOS XProtect
  • Thomas Roccia :verified:: 🧐 CheckPoint recently released a macOS malware analysis report about the Banshee Stealer!
  • it-online.co.za: Banshee Stealer targets macOS users
  • ciso2ciso.com: Banshee 2.0 Malware Steals Apple’s Encryption to Hide on Macs – Source: www.darkreading.com
  • securityaffairs.com: Banshee macOS stealer supports new evasion mechanisms
  • 9to5Mac: Security Bite: macOS malware ‘Banshee’ found using Apple’s own code to evade detection
  • ciso2ciso.com: Banshee Stealer Hits macOS Users via Fake GitHub Repositories – Source:hackread.com
  • Latest from TechRadar: This devious macOS malware is evading capture by using Apple's own encryption
  • ciso2ciso.com: Malware targets Mac users by using Apple’s security tool – Source: www.csoonline.com

@CSO Online - 40d
A new report reveals that over 4.2 million internet hosts, including VPN servers, routers, and CDN nodes, are vulnerable to attacks due to unsecured tunneling protocols. These protocols, such as IP6IP6, GRE6, 4in6, and 6in4, lack proper authentication and encryption, allowing attackers to hijack these systems for anonymous attacks, gain unauthorized access to networks, and launch amplified denial-of-service (DoS) attacks. The vulnerabilities stem from the fact that these protocols do not verify the sender's identity or encrypt data, creating an opening for malicious traffic injection.

Researchers have identified specific CVE identifiers for these vulnerabilities, including CVE-2024-7595 (GRE and GRE6), CVE-2024-7596 (Generic UDP Encapsulation), and CVE-2025-23018/23019 (IPv4-in-IPv6 and IPv6-in-IPv4). Successful exploitation allows threat actors to abuse vulnerable systems as one-way proxies, conduct denial-of-service attacks using methods like "Ping-Pong Amplification," and perform man-in-the-middle attacks. It has been found that almost 40% of vulnerable Autonomous Systems fail to filter spoofing hosts, which greatly amplifies the risk. Experts recommend using security protocols like IPsec or WireGuard to secure systems against these attacks.

References:
  • securityonline.info: New Tunneling Protocol Vulnerabilities Expose 4.2 Million Hosts to Cyberattacks
  • The Hacker News: Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
  • www.csoonline.com: Millions of tunneling hosts are vulnerable to spoofing, DDoS attacks, say researchers

@securityboulevard.com - 19d
Gcore's Q3-Q4 2024 Radar report reveals a significant 56% year-on-year increase in DDoS attacks, highlighting a steep long-term growth trend. The report indicates a concerning escalation in the total number of DDoS attacks and their magnitude, with the largest attack peaking at 2 Tbps, an 18% increase from Q1-Q2 2024. DDoS attacks are also becoming shorter in duration but more powerful.

The gaming industry remains the most targeted sector, accounting for 34% of all attacks. However, the financial services sector experienced a significant surge, accounting for 26% of all DDoS attacks, up from 12% in the previous period. The technology industry also saw a steady increase in its share of DDoS attacks, rising from 7% to 19% since Q3-Q4 2023. This shift shows that DDoS attackers recognize the wide-reaching disruption potential of attacking technology services.


@www.bleepingcomputer.com - 37d
Cloudflare has recently mitigated a record-breaking 5.6 Tbps DDoS attack, showcasing the increasing sophistication and scale of cyber threats. The attack, launched by a Mirai-variant botnet, originated from approximately 13,000 IoT devices and targeted an East Asian Internet Service Provider. This follows a previous 3.8 Tbps DDoS attack mitigated by Cloudflare in October 2024. The new attack, which lasted only 80 seconds and was successfully defended by Cloudflare's automated systems, highlights a worrying trend of escalating hyper-volumetric attacks, with attacks over 1 Tbps increasing by a staggering 1,885% from the previous quarter. The company also noted a 53% increase in the frequency of all DDoS attacks throughout 2024, blocking an average of 4,870 attacks per hour.

A vulnerability in Cloudflare's CDN has also been identified that could expose users' general location. This vulnerability, discovered by a security researcher, allows a person's location to be determined by simply sending an image on platforms such as Signal and Discord. Cloudflare's CDN caches media at data centers closest to users, allowing their general location to be determined through cached responses to an image. It was found that this type of location tracking could achieve an accuracy between 50 and 300 miles, potentially creating privacy and security concerns. While Cloudflare has addressed the specific vulnerability, it has been noted that location attacks could still be performed via other methods.

References:
  • ciso2ciso.com: Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack – Source: hackread.com
  • BleepingComputer: A security researcher discovered a flaw in Cloudflare's content delivery network (CDN), which could expose a person's general location by simply sending them an image on platforms like Signal and Discord.
  • www.scworld.com: User location data exposure threatened by Cloudflare CDN vulnerability

CISO2CISO Editor 2@ciso2ciso.com - 38d
Cloudflare has successfully mitigated a massive 5.6 Tbps Distributed Denial-of-Service (DDoS) attack, a record-breaking event highlighting the increasing threat of hyper-volumetric assaults. The attack, originating from a Mirai-variant botnet, targeted an East Asian Internet Service Provider on October 29th and lasted for 80 seconds. This incident underscores the growing sophistication and scale of DDoS threats, with this particular attack leveraging over 13,000 compromised IoT devices. Cloudflare's autonomous defense systems were able to promptly mitigate the attack.

The Mirai-variant botnet, known as "Murdoc," is exploiting vulnerabilities in AVTECH IP cameras and Huawei HG532 routers using CVE-2024-7029 and CVE-2017-17215. The Murdoc botnet campaign uses ELF files and shell scripts for propagation, downloading and executing malicious payloads on devices. The botnet has been found on over 1,300 identified IPs and uses more than 100 command-and-control servers. This has resulted in a significant global impact, with Malaysia, Thailand, Mexico, and Indonesia being the most affected. In 2024, Cloudflare blocked 21.3 million DDoS attacks, a 53% year-over-year increase, and 420 attacks in Q4 exceeded 1 Tbps.

References:
  • ciso2ciso.com: Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack – Source: hackread.com
  • Techmeme: In 2024, Cloudflare's autonomous DDoS defense systems blocked 21.3M DDoS attacks, up 53% YoY, and 420 DDoS attacks in Q4 2024 exceeded 1 Tbps, up 1,885% QoQ (The Cloudflare Blog)