The growing adoption of IoT devices has resulted in gradually increasing waves of botnet attacks. While old botnet attacks are evolving, several new players are emerging in the threat landscape. Recently, Trickbot was found to be active again with new phishing and malware attacks.

New botnet-based attacks

In the last two months, several new botnet attacks have been discovered that were mostly focused on Linux systems, IoT devices, and open-source components. 
  • Attackers behind the DreamBus botnet were observed targeting enterprise apps running on Linux servers. 
  • Cybercrime gangs were found abusing RDP systems (running on UDP port 3389) to amplify junk traffic as part of DDoS botnet attacks.
  • Another new Linux-based cryptocurrency mining botnet, PGMiner, was spotted in the wild, abusing a PostgreSQL RCE flaw.

Enhancements to existing botnets

  • Last month, the U.K. Department for Education distributed free laptops to several students that were later found to be infected with the Gamarue botnet.
  • In addition, the FreakOut botnet surfaced again in a new series of attacks last month.
  • A crypto-mining botnet, TeamTNT, implemented a feature dedicated to stealing and collecting AWS credentials.
  • A newer variant of the Gitpaste-12 worm botnet was found to be targeting at least 31 known vulnerabilities in several popular devices.


Botnet attacks are becoming more sophisticated, making it harder for organizations to defend against them. Experts therefore suggest connecting IoT devices only in environments that have firewalls, using DDoS mitigation services that employ robust content delivery networks, and patching network devices.

Cyware Publisher