Over the last couple of years, botnet attacks have grown in numbers and become a serious threat to company networks. Botnets are capable of executing a broad variety of attacks, including malspam campaigns, distributed denial-of-service (DDoS), and cryptocurrency mining, to name a few.
Botnets getting out of hand
- Botnet operators increasingly take care to pursue their objective without being noticed by the users of affected devices until significant damage has already been done; this is a trend seen across botnet attackers.
- In recent years, botnet attacks have become much harder to contain: new vulnerability exploits let operators affect millions of devices, while sophisticated evasion techniques help them avoid detection.
Not doing good deeds
- Once known for turning vulnerable Windows systems into Monero cryptomining bots, Lucifer is now capable of scanning and infecting Linux systems as well. Besides adding Linux targeting support, the creators have extended the capabilities of the hybrid DDoS botnet to steal credentials and escalate privileges with the help of the Mimikatz post-exploitation tool.
- FritzFrog, a decentralized botnet, deploys malware and uses a peer-to-peer (P2P) protocol to distribute control across its nodes, avoiding the need for a single controller or single point of failure. The infected machines become bots capable of receiving and executing commands. In the last eight months, the botnet has impacted at least 500 SSH servers belonging to government, financial, education, telecom, and medical organizations worldwide.
- TeamTNT, a cryptomining botnet, targets unprotected Kubernetes and Docker systems running on AWS servers, and then scans them to steal AWS credentials. Since April, the malware, which installs Monero cryptominers on the infected servers, has been preying on Docker installations.
Stay on guard
While some botnet attacks rely on sophisticated tactics and techniques, others succeed because of organizations' negligence toward their own cybersecurity. Taking necessary and careful precautions against botnet attacks, such as patching vulnerabilities exploited in the wild and leveraging threat intelligence to counter them, will save companies from incurring huge losses.
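The closing paragraph recommends leveraging threat intelligence, and the FritzFrog item above concerns compromised SSH servers. As an added example (not code from the original article or from any of the projects it names), the Python script below parses a constructed excerpt of an OpenSSH auth log, flags source addresses that appear in a constructed threat-intel indicator list, counts repeated failed logins per source, and highlights any source that failed repeatedly and then succeeded. The host name, addresses and indicator list are all assumptions made up for the example; the log line format follows the standard sshd "Failed/Accepted ... from <ip> port <n> ssh2" messages.

```python
"""Detection example: correlate SSH auth log lines with a threat-intel IoC list.

Added example, not taken from the original article. The log excerpt and the
indicator list below are constructed sample data.
"""
import re
from collections import Counter, defaultdict

# Constructed sample auth.log excerpt (hypothetical host and addresses).
SAMPLE_AUTH_LOG = """\
Aug 20 10:01:02 web1 sshd[1201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Aug 20 10:01:03 web1 sshd[1201]: Failed password for root from 198.51.100.7 port 40123 ssh2
Aug 20 10:01:05 web1 sshd[1202]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Aug 20 10:01:09 web1 sshd[1203]: Failed password for invalid user ubuntu from 203.0.113.9 port 51000 ssh2
Aug 20 10:02:11 web1 sshd[1210]: Accepted publickey for deploy from 192.0.2.44 port 60011 ssh2
Aug 20 10:02:30 web1 sshd[1211]: Accepted password for root from 198.51.100.7 port 40140 ssh2
"""

# Constructed indicator list: addresses a (hypothetical) threat-intel feed
# has associated with botnet activity.
IOC_ADDRESSES = {"198.51.100.7"}

# Matches both failed and accepted sshd authentication events.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text):
    """Yield (result, method, user, ip) for each sshd auth event; skip other lines."""
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("ip")


def analyze(text, iocs, fail_threshold=3):
    """Return findings as a dict of sorted IP lists:

    - 'ioc_hits': sources that appear in the indicator list at all
    - 'bruteforce': sources with at least fail_threshold failed logins
    - 'success_after_failures': sources that failed and later succeeded,
      which is the highest-priority signal for an analyst
    """
    failures = Counter()
    successes = defaultdict(set)
    seen = set()
    for result, _method, user, ip in parse_auth_log(text):
        seen.add(ip)
        if result == "Failed":
            failures[ip] += 1
        else:
            successes[ip].add(user)
    return {
        "ioc_hits": sorted(ip for ip in seen if ip in iocs),
        "bruteforce": sorted(ip for ip, n in failures.items() if n >= fail_threshold),
        "success_after_failures": sorted(ip for ip in successes if failures[ip] > 0),
    }


if __name__ == "__main__":
    for category, ips in analyze(SAMPLE_AUTH_LOG, IOC_ADDRESSES).items():
        print(f"{category}: {', '.join(ips) or '-'}")
```

In the constructed data, 198.51.100.7 trips all three checks: it is on the indicator list, it fails three times, and it then logs in as root with a password. The address 192.0.2.44 authenticates once with a public key and is not reported. In production the same logic would read the live log or a SIEM export, and the indicator set would come from the organization's threat-intelligence feed rather than a hard-coded constant.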