As we continue to keep track of the latest IoT botnets, the FortiGuard Labs team has seen an increasing number of Mirai variants, thanks to the source code being made public two years ago. Since then, threat actors have been adding their own flavours to the original recipe.
At FortiGuard Labs we were interested in searching out other malware that leverages Mirai code modules. Interestingly, one of the families that showed up in our search was the Hide ‘N Seek (HNS) bot, which was discovered in January of 2018. HNS is a complex botnet that uses P2P to communicate with peers/other infected devices to receive commands. In this article, I will discuss how the Mirai bot code was used in this HNS bot.
We recently received a malware sample recently that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.
In preparation for our talk entitled “IoT: Battle of Bots” at the RootedCon Security conference that will be held in Madrid, Spain this March 2018, the FortiGuard Labs team encountered yet another new Mirai variant.
Satori, a Mirai based IoT bot, has been one of the most actively updated exploits in recent months. It is believed that the hacker behind this bot is also the author of other Mirai variants, known as Okiru, and Masuta. FortiGuard Labs researchers recently observed a new Satori version that had added a known exploit chain (one which had been used in the past by the Persirai bot) to enable it to spread to vulnerable devices, particularly, wireless IP cameras that run a vulnerable custom version of the GoAhead web server.
Distributed denial-of-service (DDoS) attacks are becoming increasingly common across the financial services industry. DDoS attacks occur when a portion of the network is targeted, typically at the networking, transport, or application layer, with a flood of requests that overwhelm network bandwidth, causing it to slow or crash completely.
Welcome back to our monthly review of some of the most interesting security research publications.
For anyone reading the news regularly, it’s not hard to grasp that cyber threats are getting more sophisticated and damaging by the day. From a security technology provider’s perspective, I can add that tackling them is a fast mounting challenge for the millions of businesses that come under attack daily. Modern cybersecurity technologies – assuming you have already put in place the right professionals, policies, and processes − are a must. But organizations deploying them need to look beyond the boxes that sit on...
When people think of cybercrime, they tend to think of geeks in dark rooms staring into computer monitors trying to figure out some new way to infiltrate a network. And historically, that was a pretty accurate assessment. Today, however, cybercrime is a business. Cybercriminals tend to keep business hours (attack surges very often follow standard work hours), attacks are designed to generate revenue, and cost/benefit ratios are often considered when deciding who and how to attack a target. Hacker tools and malware can be custom built and...