800+ IT
News
als RSS Feed abonnieren📚 Akamai warns of new HinataBot malware botnet capable of massive DDoS attacks
💡 Newskategorie: Hacking
🔗 Quelle: blackhatethicalhacking.com
Akamai warns of new HinataBot malware botnet capable of massive DDoS attacks
HinataBot targets
Akamai researchers recently discovered a new malware botnet known as HinataBot that targets Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into a distributed denial of service (DDoS) swarm. The botnet exploits old flaws such as CVE-2014-8361 and CVE-2017-17215 and was first detected in mid-January 2023. HinataBot seems to be based on Mirai and is a Go-based variant of the notorious malware strain. Akamai’s researchers captured multiple samples from active campaigns as recently as March 2023 and deduced that the malware is under active development, featuring functional improvements and anti-analysis additions.
HinataBot is distributed by brute-forcing Secure Shell (SSH) endpoints or using infection scripts and Remote Code Execution (RCE) payloads for known vulnerabilities. After infecting devices, the malware remains silent, waiting for commands to execute from the command and control server. Even though the newer variants only feature HTTP and User Datagram Protocol (UDP) flood attacks, the botnet can potentially perform powerful DDoS attacks. Older versions of HinataBot supported HTTP, UDP, Internet Control Message Protocol (ICMP), and Transmission Control Protocol (TCP) floods.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
3.3 Tbps DDoS attacks
Akamai researchers benchmarked the botnet in 10-second attacks for both HTTP and UDP. In the HTTP attack, the malware generated 20,430 requests for a total size of 3.4 MB. The UDP flood generated 6,733 packages totaling 421 MB of data. The researchers estimated that with 1,000 nodes, the UDP flood could generate roughly 336 Gbps, while at 10,000 nodes, the attack data volume would reach 3.3 Tbps. In the case of the HTTP flood, 1,000 ensnared devices would generate 2,000,000 requests per second, while 10,000 nodes would take that number of 20,400,000 requests per second and 27 Gbps.
UDP flood packet capture (Akamai)
Trending: A primer on OS Command Injection Attacks
HinataBot might implement more exploits while widening its scope
Akamai’s analysts created a Command and Control (C2) server of their own and interacted with simulated infections to stage HinataBot for DDoS attacks to observe the malware in action and infer its attack capabilities. Although HinataBot is still in development and might implement more exploits and widen its targeting scope anytime, the fact that its development is so active increases the likelihood of seeing more potent versions circulating in the wild soon. “Let’s hope that the HinataBot authors move onto new hobbies before we have to deal with their botnet at any real scale,” warns Akamai.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: info@blackhatethicalhacking.com
Source: bleepingcomputer.com
Recent News
Samsung Users at Risk: 18 Zero-Day Vulnerabilities Found in Exynos Chipsets
CISA Identifies Critical Vulnerability in Adobe ColdFusion
Russian hackers exploit Outlook zero-day vulnerability to target European organizations
Kali Linux 2023.1 – Adds Kali Purple for defensive security, python updates, new tools
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.