OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

July 5, 2024 at 09:07AM

OVHcloud recently thwarted a record-breaking DDoS attack, reaching a packet rate of 840 million packets per second. The attack utilized a TCP ACK flood from 5,000 source IPs and a DNS reflection attack from 15,000 DNS servers. Such attacks, including those leveraging compromised MikroTik routers, are becoming more frequent and …

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

July 5, 2024 at 12:26AM

Cybersecurity researchers discovered a new botnet, Zergeca, capable of DDoS attacks. It supports six attack methods, proxying, scanning, self-upgrading, reverse shell, and more. Notably, it uses DNS-over-HTTPS for C2 communications and is under continuous development. Linked to previous botnet activity, it targeted Canada, Germany, and the U.S. with ACK flood DDoS attacks. …

OVHcloud blames record-breaking DDoS attack on MikroTik botnet

July 3, 2024 at 02:07PM

OVHcloud, a major European cloud services provider, successfully mitigated a record-breaking DDoS attack earlier this year, reaching 840 Mpps and stemming from compromised MikroTik network devices. The company has observed a trend of escalating attack sizes and frequency. The high processing power of MikroTik devices poses a significant threat, with …

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

June 27, 2024 at 10:39AM

P2PInfect, a peer-to-peer botnet, has shifted from being dormant to a financially motivated operation, targeting misconfigured Redis servers with ransomware and cryptocurrency miners. It spreads by transforming victim systems into follower nodes and has been updated to target MIPS and ARM architectures. The malware uses a mesh network to push …

P2PInfect botnet targets Redis servers with new ransomware module

June 25, 2024 at 06:08AM

P2PInfect, initially a dormant malware botnet, has become active, deploying ransomware and a cryptominer on Redis servers. Cado Security reports conflicting evidence about its motives and identifies new features such as cron-based persistence mechanisms and SSH lockout. The malware also targets 32-bit MIPS processors. It now poses a genuine threat …

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

June 11, 2024 at 10:51AM

Cybersecurity researchers have unveiled the activities of a Chinese threat actor called SecShow, targeting open DNS resolvers globally, potentially for malicious purposes. Meanwhile, a financially motivated threat actor advertises a botnet service, Rebirth, targeting game servers for DDoS attacks. This reflects an increasing trend of cyber threats targeting gaming communities for …

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

June 3, 2024 at 10:25AM

Law enforcement authorities are seeking information on an individual known as Odd, suspected to be the mastermind behind the Emotet malware. The cybercriminal has operated under various aliases and may be collaborating with others. Recent efforts have led to arrests and takedowns of servers associated with malware operations, intensifying the …

Cyber cops plead for info on elusive Emotet mastermind

May 31, 2024 at 03:27PM

Operation Endgame seeks help in capturing “Odd,” a figure behind the notorious Emotet operation, as revealed in a recent briefing. This comes after a series of takedowns and arrests related to major malware activities. The secretive nature of Emotet and the ongoing pursuit of “Odd” signal the persistence of cybercrime …

Mysterious Threat Actor Used Chalubo Malware to Brick 600,000 Routers

May 31, 2024 at 07:36AM

Over 600,000 small office/home office (SOHO) routers of a single ISP were disabled by the Chalubo remote access trojan (RAT) in a deliberate event, impacting models from ActionTec and Sagemcom. The incident occurred over 72 hours in late October 2023. Lumen Technologies reported 49% of the impacted routers were offline …

TrickBot and Other Malware Droppers Disrupted by Law Enforcement

May 30, 2024 at 08:30AM

Europol announced the successful shutdown of the TrickBot botnet and other malware droppers in an international operation, targeting various criminal activities and arresting cybercriminals. The operation, named Endgame, involved over a dozen countries and resulted in arrests, infrastructure shutdown, asset freezes, and the addition of suspects to Europol’s Most Wanted list. Multiple …