Friday, March 31, 2023

New HinataBot botnet uses vulnerabilities in network equipment to carry out DDoS attacks



Written in the Go language, the malware offers high performance for powerful attack campaigns.

In a fresh report, Akamai specialists describe a new Golang-based botnet they discovered, dubbed HinataBot. The botnet exploits known vulnerabilities to compromise routers and servers and use them to organize massive DDoS attacks.

Among the methods used to distribute malware are the exploitation of open Hadoop YARN servers, as well as vulnerabilities in Realtek SDK (CVE-2014-8361) and Huawei HG532 routers (CVE-2017-17215).

Old unpatched vulnerabilities and weakly protected credentials have become easy prey for attackers: they offer a documented entry point that requires no complex social engineering tactics or the like.

The attackers behind HinataBot are said to have been active since at least December 2022. At first they used the Mirai malware in their attacks; only from January 11, 2023 did they switch to malware of their own design.

Since first discovering HinataBot, Akamai experts have found several newer variants of the malware, with more modular functionality and additional security measures. All this indicates that HinataBot is still in active development.

HinataBot, like other similar DDoS botnets, communicates with a C2 server to receive instructions and launch attacks on targeted IP addresses for a specified duration.

While early versions of the botnet used HTTP, UDP, TCP, and ICMP to carry out DDoS attacks, the latest iteration is limited to HTTP and UDP only. Why the other two protocols were dropped is unknown. Maybe the authors of the malware are just experimenting.

Akamai researchers conducted a number of HinataBot tests and, according to their calculations, in a real attack involving 10,000 bots, the maximum UDP flood rate will exceed 3.3 terabits per second (Tbps), which will lead to a powerful volumetric attack. An HTTP flood will generate approximately 27 gigabits per second (Gbps) of traffic.

“Attackers used the Go language to take advantage of its high performance, ease of multithreading, multi-architecture support, and operating system cross-compilation, but also likely because Go complicates compilation and makes reverse engineering difficult,” Akamai said.
