A major botnet operation has been attacking and taking over the web shells (backdoors on web servers) of other malware operations for more than a year, security researchers from Positive Technologies have revealed. Researchers linked the botnet to a former Windows trojan named Neutrino (also known as Kasidet), whose operators appear to have shifted from targeting desktop users to online servers, on which they install a cryptocurrency-mining malware.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Once they are established, botnets are often used as a proxy to conduct attacks. It\’s very common for them to be rented out, as part of the cybercrime-as-a-service economy, for credential stuffing and DDoS. During idle time they are used for crypto-mining.
To protect themselves, businesses need to think about hybrid threats, as these botnets provide a wide range of access points from residential origins and can’t be easily blocked.