Architecture, DDOS and Information Security

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Network security architecture is a strategy that provides formal processes to design robust and secure networks. Effective implementation improves data throughput, system reliability, and overall security for any organization.

Architecture

Architecture Network Security Firewall Risk

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS

DDOS Architecture Malware Cybercrime

DDoS attacks leverages Plex media server

SC Magazine

FEBRUARY 4, 2021

Netscout is reporting a spate of distributed denial-of-service (DDoS) attacks leveraging a problematic engineering decision in the popular Plex media server. But, said Dobbins, media servers could use architectures other than UPnP to provide similar functionality, like a central directory service.

DDOS

DDOS Media Engineering Internet

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Security Affairs

OCTOBER 11, 2023

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. Upon executing the script, it deletes logs and downloads and executes various bot clients to target specific Linux architectures. ” reads the analysis published by Fortinet.

DDOS

DDOS Wireless Architecture IoT

Chinese AI platform DeepSeek faced a “large-scale” cyberattack

Security Affairs

JANUARY 28, 2025

DeepSeek’s AI model is highly appreciated due to its exceptional performance, low costs, versatility across various industries, and innovative architecture that enhances learning and decision-making. The AI company did not share details about the attack or its origin, however likely the platform was targeted by a massive DDoS attack.

Artificial Intelligence

Artificial Intelligence DDOS Architecture Marketing

DDoS Attacks Skyrocket, Kaspersky Researchers Say

eSecurity Planet

NOVEMBER 11, 2021

Distributed denial of service (DDoS) attacks soared in the third quarter, giving organizations yet another cyber threat to worry about. Even the slowest days saw 500 DDoS attacks; the busiest day, Aug. Also read: How to Stop DDoS Attacks: 6 Tips for Fighting DDoS Attacks. DDoS Attackers Target Middleboxes, UDP.

DDOS

DDOS Firewall Manufacturing Wireless

New RapperBot Campaign targets game servers with DDoS attacks

Security Affairs

NOVEMBER 16, 2022

Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch Distributed DDoS attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used to build a DDoS botnet to target game servers. ” the researchers conclude.

DDOS

DDOS IoT Malware Architecture

Dark Frost Botnet targets the gaming sector with powerful DDoS

Security Affairs

MAY 26, 2023

Researchers spotted a new botnet dubbed Dark Frost that is used to launch distributed denial-of-service (DDoS) attacks against the gaming industry. Researchers from Akamai discovered a new botnet called Dark Frost that was employed in distributed denial-of-service (DDoS) attacks. Gbps through a UDP flood attack.

DDOS

DDOS Architecture Malware Hacking

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Security Affairs

MAY 9, 2023

A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points. The activity is associated with a known DDoS botnet tracked as AndoryuBot that first appeared in February 2023. The bot supports multiple DDoS attack techniques and uses SOCKS5 proxies for C2 communications.

DDOS

DDOS Wireless Architecture Advertising

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. ” reads the post published by Akamai. ” Pierluigi Paganini.

DDOS

DDOS Malware Cryptocurrency Architecture

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. Mirai botnets are frequently used to conduct DDoS attacks.”

DDOS

DDOS Firmware VPN Firewall

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

Uptycs’ threat research team discovered a new botnet, tracked as Simps botnet, attributed to Keksec group, which is focused on DDOS activities. Uptycs’ threat research team has discovered a new Botnet named ‘Simps’ attributed to Keksec group primarily focussed on DDOS activities. 200 in simps directory to tmp.

DDOS

DDOS Malware Architecture IoT

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn.

Malware

Malware DDOS Architecture Financial Services

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet was created to launch DDoS attacks and to insert advertisements in the legitimate HTTP traffic of the victims, most of which are in China (96%). The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. million devices.

Architecture

Architecture DDOS Advertising DNS

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Security Affairs

SEPTEMBER 18, 2024

. “This service enables an entire suite of activities, including scalable exploitation of bots, vulnerability and exploit management, remote management of C2 infrastructure, file uploads and downloads, remote command execution, and the ability to tailor IoT-based distributed denial of service (DDoS) attacks at-scale.”

IoT

IoT Wireless DDOS Architecture

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The malicious code can target various architectures, it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops, however, it can target MISP and ARM architecture. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology.

Malware

Malware Architecture Technology DDOS

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks.

IoT

IoT DDOS Architecture Passwords

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers. In the current version, each node cannot send control command to its peers.

Architecture

Architecture IoT Malware Advertising

The activity of the Linux XorDdos bot increased by 254% over the last six months

Security Affairs

MAY 20, 2022

XORDDoS , also known as XOR.DDoS , first appeared in the threat landscape in 2014 it is a Linux Botnet that was employed in attacks against gaming and education websites with massive DDoS attacks that reached 150 gigabytes per second of malicious traffic. ” concludes the report.

DDOS

DDOS Architecture Education Hacking

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. KmsdBot supports multiple architectures, including as Winx86, Arm64, and mips64, x86_64, and does not stay persistent to avoid detection. ” reads the report published by Akamai.

IoT

IoT DDOS Architecture Internet

New ZHtrap botnet uses honeypot to find more victims

Security Affairs

MARCH 17, 2021

ZHtrap propagates using four vulnerabilities, experts pointed out that the botnet mainly used to conduct DDoS attacks and scanning activities, while integrating some backdoor features. ZHtrap supports multiple architectures, including x86, ARM, and MIPS.

DDOS

DDOS Architecture Encryption Hacking

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities. The botnet targets multiple architectures, including arm, bsd, x64, and x86. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

Malware

Malware DDOS IoT Cybercrime

Mukashi, the new Mirai variant that targets Zyxel NAS

Security Affairs

MARCH 21, 2020

“Upon execution, the zi script downloads different architectures of Mirai bot, runs the downloaded binaries, and removes the binaries. The bot supports various commands, like Mirai, such as launching DDoS attacks. Like other Mirai variants, Mukashi is also capable of receiving C2 commands and launching DDoS attacks.”

DDOS

DDOS Authentication Advertising Firmware

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

com) with links to the bot was among the 48 domains associated with DDoS-for-hire services seized by the FBI in December. The Go-based botnet spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

The attack starts with a shell script that downloads binaries for various architectures (ARM, MIPS, X86), extracts a command-and-control (C2) server from an encrypted configuration, and connects to it. ” The flaw was also exploited to deliver Mirai Variant – JenX and the Condi DDoS bot.

Malware

Malware Telecommunications Encryption DDOS

A new Mirai botnet variant targets TP-Link Archer A21

Security Affairs

APRIL 25, 2023

.” The Mirai botnet is exploiting the issue to gain access to the device and downloads the malicious payload for the targeted architecture. The Mirai botnet that is behind the attacks observed by ZDI is focused on launching DDoS attacks, it has the capability to target Valve Source Engine (VSE). ” continues the report.

DDOS

DDOS Engineering Firmware Architecture

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Experts revealed details on the tools and techniques used by the botnet to compromise Linux devices and recruit them in launching distributed denial-of-service (DDoS) attacks. The Momentum bot targets various Linux platforms running upon multiple CPU architectures, including ARM, MIPS, Intel, and Motorola 68020.

Malware

Malware DDOS Advertising DNS

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

AUGUST 5, 2022

RapperBot has limited DDoS capabilities, it was designed to target ARM, MIPS, SPARC, and x86 architectures. Experts also noticed that the most recent samples include the code to maintain persistence, which is rarely implemented in other Mirai variants.

IoT

IoT Malware Passwords Authentication

New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

Security Affairs

DECEMBER 25, 2019

Security experts from 360 Netlab spotted a new Mozi P2P botnet that is actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. The botnet implements a custom extended Distributed Hash Table (DHT) protocol that provides a lookup service similar to a hash table ([key, value]).

DDOS

DDOS Passwords Advertising Wireless

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

HTTP flooding is a kind of DDoS attack in which the attacker sends a large number of HTTP requests to the targeted server to overwhelm it. UDP flooding is a type of DDoS attack in which an attacker sends several UDP packets to the victim server as a means of exhausting it. HTTP flooding module. Figure 1: HTTP flooder module.

Malware

Malware DDOS IoT Firmware

Cloud Security Strategy: Building a Robust Policy in 2024

eSecurity Planet

AUGUST 7, 2024

Understanding the relationship between the OSI Model Layers and your cloud security strategy allows you to simplify intricate security concepts, make more informed security decisions, and boost collaboration and interaction. Effective cloud security is established layer by layer.

Architecture

Architecture DDOS Encryption Data breaches

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

“The first use of the command is activated to receive information about the CPU architecture. AquaSec researchers believe that threat actors are using the Redigo malware to infect Redis and add them to a botnet used to launch denial-of-service (DDoS) attacks, run cryptocurrency miners, or steal data from the servers.

Malware

Malware DDOS Architecture Cryptocurrency

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. This blog was written by an independent guest blogger. Risk assessment.

Cyber Risk

Cyber Risk Risk Architecture Firewall

New England Biolabs leak sensitive data

Security Affairs

OCTOBER 24, 2023

Exposed endpoints could be leveraged to flood the system or application with traffic, disrupt or block the service for legitimate users, initiate DDoS attacks, disseminate spam, conduct phishing attacks, and other malicious actions.

Data breaches

Data breaches Social Engineering Phishing DDOS

Security Affairs newsletter Round 380

Security Affairs

AUGUST 20, 2022

CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog TA558 cybercrime group targets hospitality and travel orgs Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog A flaw in Amazon Ring could expose user’s camera recordings Cisco fixes High-Severity (..)

DDOS

DDOS Architecture Malware Cybercrime

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Security Affairs

AUGUST 5, 2022

Dark Utilities is advertised as a platform to enable remote access, command execution, conduct distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. It allows threat actors to target multiple architectures without requiring technical skills.

Architecture

Architecture DDOS Internet Internet

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Godlua is a DDoS bot that was already involved in attacks in the wild, such as the one that hit liuxiaobei[.]com Some web browsers, including Google Chrome and Mozilla Firefox also support the DoH. com domain.

DNS

DNS Malware Advertising DDOS

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Security Affairs

JUNE 15, 2021

Then the script attempts to download a list of filenames (associated with different CPU architectures), executes each one of them, achieves persistence through a crontab, and deletes itself. The botnet was designed to carry out distributed denial of service (DDoS) attacks like the original Mirai bot.

Malware

Malware Internet Internet DDOS

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Security Affairs

MAY 31, 2019

“Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity. “The script will then proceed to download a tar compressed archive from a download server according to the architecture of the compromised system. According to the experts at Intezer, the malware was involved in targeted attacks. .

Malware

Malware Advertising DDOS Architecture

Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

Security Affairs

FEBRUARY 20, 2021

. “The novelty of this downloader arises primarily from the way it uses JavaScript for execution—something we hadn’t previously encountered in other macOS malware—and the emergence of a related binary compiled for Apple’s new M1 ARM64 architecture.” “In addition, the ultimate goal of this malware is a mystery.

Malware

Malware Adware Antivirus DDOS

Cyber Security Roundup for March 2021

Security Boulevard

FEBRUARY 28, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. DDoS Attacks Leverage Plex Media Server. Avanan: State of Email Security Report: SOC teams spend a quarter of their day handling suspicious emails.

Energy and Utilities

Energy and Utilities Ransomware DDOS Accountability

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

The experts discovered that the malicious code had been compiled for different architectures. On infected a router, the malware enumerates the victim’s SOHO router and sends that information back to a C2 server whose address is embedded in the code.

Malware

Malware Advertising Cybercrime Passwords

DCRat, only $5 for a fully working remote access trojan

Security Affairs

MAY 9, 2022

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution. “All DCRat marketing and sales operations are done through the popular Russian hacking forum lolz[.]guru,

Cybercrime

Cybercrime Malware Surveillance DDOS

Network Security Architecture: Best Practices & Tools

Enemybot, a new DDoS botnet appears in the threat landscape

Trending Sources

DDoS attacks leverages Plex media server

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Chinese AI platform DeepSeek faced a “large-scale” cyberattack

DDoS Attacks Skyrocket, Kaspersky Researchers Say

New RapperBot Campaign targets game servers with DDoS attacks

Dark Frost Botnet targets the gaming sector with powerful DDoS

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Multiple DDoS botnets were observed targeting Zyxel devices

Discovery of Simps Botnet Leads To Ties to Keksec Group

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Experts warn of China-linked APT’s Raptor Train IoT Botnet

New NKAbuse malware abuses NKN decentralized P2P network protocol

Mozi Botnet is responsible for most of the IoT Traffic

New HEH botnet wipes devices potentially bricking them

The activity of the Linux XorDdos bot increased by 254% over the last six months

Updated Kmsdx botnet targets IoT devices

New ZHtrap botnet uses honeypot to find more victims

EnemyBot malware adds new exploits to target CMS servers and Android devices

Mukashi, the new Mirai variant that targets Zyxel NAS

A new Zerobot variant spreads by exploiting Apache flaws

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

A new Mirai botnet variant targets TP-Link Archer A21

Trend Micro observed notable malware activity associated with the Momentum Botnet

New Linux botnet RapperBot brute-forces SSH servers

New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

Mirai code re-use in Gafgyt

Cloud Security Strategy: Building a Robust Policy in 2024

New Go-based Redigo malware targets Redis servers

The ultimate guide to Cyber risk management

New England Biolabs leak sensitive data

Security Affairs newsletter Round 380

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Silver Sparrow, a new malware infects Mac systems using Apple M1 chip

Cyber Security Roundup for March 2021

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

DCRat, only $5 for a fully working remote access trojan

Stay Connected