October 7, 2024 at 06:45AM
The Gorilla (aka GorillaBot) botnet, a new variant of Mirai, has been identified by cybersecurity researchers. It has issued over 300,000 attack commands with a high attack density, targeting over 100 countries and using a range of DDoS attack methods. It also exploits a security flaw in Apache Hadoop YARN RPC to achieve remote code execution.
Summary of Meeting Notes:
– Cybersecurity researchers discovered a new botnet malware called Gorilla (aka GorillaBot), a variant of the Mirai botnet source code.
– The botnet issued over 300,000 attack commands with a high attack density between September 4 and September 27, 2024, with at least 20,000 commands per day targeting various sectors in over 100 countries.
– The botnet primarily uses UDP flood, ACK BYPASS flood, Valve Source Engine (VSE) flood, SYN flood, and ACK flood for DDoS attacks, targeting universities, government websites, telecoms, banks, gaming, and gambling sectors.
– It supports multiple CPU architectures and comes with capabilities to connect to predefined command-and-control (C2) servers to await DDoS commands.
– The malware also embeds functions to exploit a security flaw in Apache Hadoop YARN RPC for remote code execution and achieves persistence on the host by creating a service file and configuring it to run automatically at every system startup.
– The botnet uses encryption methods commonly employed by the Keksec group to hide key information, and it employs multiple techniques to maintain long-term control over IoT devices and cloud hosts.
Please let me know if there’s anything else you need.