This dangerous botnet has found a new way to infect your endpoints

New flaws leveraged almost daily


A dangerous new botnet is adding new ways to infect vulnerable endpoints almost every day, researchers are saying.

Multiple cybersecurity research teams spotted a botnet called EnemyBot in March this year, and at first, it was found to be abusing critical vulnerabilities in web servers, CMS platforms, Android smartphones and Internet of Things (IoT) devices.

Since then, researchers have been tracking the development of the botnet and have found its creators are quickly adding newly discovered vulnerabilities to the list of attack vectors.

The latest report, coming from AT&T Alien Labs, says 24 new vulnerabilities have been added, including some that don’t even have a CVE number yet, making them extremely dangerous.


DDoS attacks

Among the flaws, as noted by BleepingComputer, are multiple critical vulnerabilities in VMware Workspace ONE Access and VMware Identity Manager, as well as F5 BIG-IP.

While the botnet’s main goal is to run Distributed Denial of Service (DDoS) attacks, it also allows operators to create a reverse shell on the target device, bypassing firewalls and other defense mechanisms.


The group behind EnemyBot seems to be Keksec, a threat actor also known as Necro and Freakout. It is most famous for operating the Tsunami DDoS malware dubbed “Ryuk” (not to be confused with the malware of the same name).

According to BleepingComputer, this seems to be an experienced group, which recently seems to have published the botnet’s source code.

To protect from a DDoS attack, organizations are advised to patch their operating systems and software as soon as possible, install a firewall and monitor network traffic, and make sure all devices are protected by an antivirus service.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
