Experts On A New Botnet Is Covertly Targeting Millions Of Servers

Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world. The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. Peer-to-peer (P2P) botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down.

More information: https://www.wired.com/story/a-new-botnet-is-covertly-targeting-millions-of-servers/

Subscribe
Notify of
guest

3 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Martin Jartelius
Martin Jartelius , CSO
InfoSec Expert
August 25, 2020 11:15 am

Administrators who do not protect SSH servers with a strong password have been at risk for almost 40 years now. It’s time to take responsibility, the Morris worm of 1988 targeted the same risk, but with technology and performance at par with the times it was released.

Last edited 2 years ago by Martin Jartelius
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
August 25, 2020 11:14 am

The continual back and forth between the bad guys and the defenders have reached a new level, as the bad guys have discovered a \”better way\” to infect servers.

Server administrators need to protect their SSH servers with both strong, secure passwords and cryptographic servers or run the risk of being infected, if they have not already been infected.

Perhaps the scariest takeaway from all of this is that there is someone with the resources available to finance a sophisticated P2P botnet the size of Fritzfrog. This attack isn\’t one launched by \”script kiddies\” using ready-made attacks, but is instead developed by highly sophisticated software developers. This form of aggressive attack may be a harbinger of things to come.

Last edited 2 years ago by Chris Hauk
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
August 25, 2020 11:11 am

This latest botnet showcases how the capabilities of criminal operators continues to grow, as does their commitment to spreading malware.

Not having a traditional CNC model can make these kinds of attacks difficult to detect and effectively block.

So, it is important that organisations focus on the root causes which malware exploits to gain access. In this case, securing SSH servers, having strong authentication and anti brute-force controls can go a long way in protecting organisations against this and similar threats.

Last edited 2 years ago by Javvad Malik
Information Security Buzz
3
0
Would love your thoughts, please comment.x
()
x