Sophistication of Botnet Attacks Continues to Evolve

Botnets getting out of hand

• The diligence of botnet operators to serve their purpose without being detected by the users of affected devices, until significant damage is done, is a trend seen among botnet attackers.
• In recent years, botnet attacks have become unmanageable due to the advent of new vulnerability exploits to impact millions of devices, and sophisticated evasion techniques to avoid detection.

Not doing good deeds

• Once recognized for rehashing vulnerable Windows systems into Monero cryptomining bots, Lucifer is now capable of scanning and infecting Linux systems. Besides including Linux targeting support, the creators have extended the capabilities of the hybrid DDoS botnet to steal credentials and escalate privileges with the help of Mimikatz post-exploitation tool.
• A decentralized botnet, FritzFrog deploys malware and uses Peer-to-Peer (P2P) protocol to allocate control to each of its nodes, dodging the need for a single controller or point-of-failure. The infected machines become bots capable of receiving and executing commands. In the last eight months, the botnet has impacted at least 500 SSH servers belonging to government, financial, education, telecom, and medical organizations worldwide.
• TeamTNT, a cryptomining botnet, targets unprotected Kubernetes and Docker systems running on AWS servers, and then scans them to steal AWS credentials. Since April, the malware installing Monero cryptominers on the infected servers has been preying on Docker installations.

Stay on guard