May 28, 2024 at 06:45AM
The CatDDoS botnet has exploited over 80 security flaws in the last three months to infect devices and launch DDoS attacks. It targets routers and other networking equipment from a range of vendors. The malware uses ChaCha20 encryption, uses an OpenNIC domain for its C2, and shares its encryption key/nonce pair with other botnets. Additionally, a new PDoS attack technique called DNSBomb has been disclosed, which abuses DNS queries and responses to overwhelm targets. This technique has been flagged by the ISC, which maintains the BIND software suite.
Taken together, these reports show a significant increase in cyber threats, particularly the CatDDoS malware botnet and the emergence of a new attack technique, DNSBomb.
The CatDDoS malware botnet has been exploiting over 80 known security flaws in various software to co-opt vulnerable devices into conducting distributed denial-of-service (DDoS) attacks. The vulnerabilities affect a wide range of routers, networking gear, and other devices from multiple vendors. The malware has been documented as a Mirai botnet variant capable of performing DDoS attacks over UDP, TCP, and other methods. CatDDoS primarily targets countries such as the U.S., France, Germany, Brazil, and China, affecting industries ranging from cloud service providers to public administration.
Separately, a potent "pulsing" denial-of-service (PDoS) attack technique called DNSBomb has been disclosed. It exploits Domain Name System (DNS) queries and responses to achieve an amplification factor of 20,000x, overwhelming victims with periodic bursts of amplified traffic that are difficult to detect.
Furthermore, the researchers found that the original authors behind the CatDDoS malware shut down their operations in December 2023, after which new variants linked to the sale or leak of the source code emerged, such as RebirthLTD, Komaru, and Cecilio Network. These new variants share similarities in code, communication design, strings, and decryption methods.
It’s crucial to stay updated on these emerging cyber threats and to prioritize security measures to mitigate the risks posed by these vulnerabilities and attack techniques. These developments highlight the importance of proactive cybersecurity measures and continuous monitoring to safeguard against evolving threats.