Tag Archive for: botnet

Botnet Detection Market Size, Trends And Forecast

New Jersey, United States – Verified Market Research provides an encyclopedic study of the Botnet Detection Market with holistic insights into important factors and aspects impacting the future growth of the market. The Botnet Detection Market has been analyzed for the forecast period 2022-2029 and the historical period 2015-2021. To help players gain a thorough understanding of the Botnet Detection Market and its critical dynamics, the research study provides detailed qualitative and quantitative analysis. Additionally, readers are offered comprehensive and in-depth research of various regions and segments of the Botnet Detection Market. Almost all industry-specific, microeconomic and macroeconomic factors affecting the growth of the global market have been analyzed in the report.

With a comprehensive analysis of the competitive landscape, the authors of the Botnet Detection Market report have made a brilliant attempt to study the key developments, pricing and business tactics, and future plans of the leading companies. Along with Players Botnet Detection Market performance in terms of revenue and revenue, the analysts throw light on their production, served areas, gross margin, and other important factors. Additionally, the Botnet Detection report helps players to gain an upper hand in the market competition by thoroughly analyzing its competitors’ market positioning, market growth, and product portfolio.

Get Full PDF Sample Copy of Report: (Including Full TOC, List of Tables & Figures, Chart) @ https://www.verifiedmarketresearch.com/download-sample/?rid=8979

Key Players Mentioned in the Botnet Detection Market Research Report:

Akamai Technologies (US), Imperva (US), Distil Networks (US), PerimeterX (US), ShieldSquare (India), Unfraud (US), Instart Logic (US), Pixalate (US), AppsFlyer (US), Intechnica (UK), Zenedge (US), Reblaze (Israel), White Ops(US), Shape Security (US), Integral Ad Science (US), InfiSecure (India), DataDome (France), CriticalBlue (UK), Digital Hands (US), Variti (Switzerland), Stealth Security (US), Unbotify (Israel), Kasada (Australia), Mfilterit (India), White Diagnostic (US).

Botnet Detection Market Segmentation:  

Botnet Detection Market, By…


Public Redis exploit used by malware gang to grow botnet


The Muhstik malware gang is now actively targeting and exploiting a Lua sandbox escape vulnerability in Redis after a proof-of-concept exploit was publicly released.

The vulnerability is tracked as CVE-2022-0543 and was discovered in February 2022, affecting both Debian and Ubuntu Linux distributions.

Soon after, on March 10th, a proof-of-concept (PoC) exploit was publicly released on GitHub, allowing malicious actors to run arbitrary Lua scripts remotely, achieving sandbox escape on the target host.

Although the vulnerability has been patched in Redis package version, it is common for servers not to be updated immediately due to operational concerns or simply because the admin does not know of the new release.

According to a report by Juniper Threat Labs, just one day after the PoC was released, the Muhstik gang began actively exploiting the flaw to drop malware that supports its DDoS (denial of service) operations.

Executing commands on Redis session
Executing commands on Redis session (Juniper)

A long-running Chinese botnet

The Muhstik botnet is thought to be operated out of China, as researchers have previously linked its control infrastructure to a Chinese forensics firm.

It has been around since at least 2018 surviving by adaptation, regularly switching to exploiting new vulnerabilities consistently to target large numbers of vulnerable devices.

In the past, it targeted Oracle WebLogic Server bugs (CVE-2019-2725 and CVE-2017-10271) and a Drupal RCE flaw (CVE-2018-7600).

In September, Muhstik switched to attacking Confluence Servers through CVE-2021-26084, and in December, it focused on exploiting vulnerable Apache Log4j deployments.

The exploitation of CVE-2022-0543 started at the beginning of this month and is still ongoing.

Timeline of Muhstik activity
Timeline of Muhstik activity (Juniper)

A “Russian” payload

Muhstik named their payload “russia.sh”, which is downloaded from the C2 using wget or curl, saved as “/tmp.russ”, and eventually executed.

The script will fetch variants of the Muhstik bot from an IRC server, while the bot supports the reception and parsing of shell commands, flood commands, and SSH brute force.

Muhstik bot capabilities as seen in the code
Muhstik bot capabilities as seen in its strings (Juniper)

In the past, Muhstik also downloaded…


Over 200,000 MicroTik Routers Worldwide Are Under the Control of Botnet Malware

Botnet Malware

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years.

According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using the same command-and-control (C2) server.

“The C2 server serves as a botnet-as-a-service controlling nearly 230,000 vulnerable MikroTik routers,” Avast’s senior malware researcher, Martin Hron, said in a write-up, potentially linking it to what’s now called the Mēris botnet.

Automatic GitHub Backups

The botnet is known to exploit a known vulnerability in the Winbox component of MikroTik routers (CVE-2018-14847), enabling the attackers to gain unauthenticated, remote administrative access to any affected device. Parts of the Mēris botnet were sinkholed in late September 2021.

“The CVE-2018-14847 vulnerability, which was publicized in 2018, and for which MikroTik issued a fix for, allowed the cybercriminals behind this botnet to enslave all of these routers, and to presumably rent them out as a service,” Hron said.

In attack chain observed by Avast in July 2021, vulnerable MikroTik routers were targeted to retrieve the first-stage payload from a domain named bestony[.]club, which was then used to fetch additional scripts from a second domain “globalmoby[.]xyz.”

Interesting enough, both the domains were linked to the same IP address: 116.202.93[.]14, leading to the discovery of seven more domains that were actively used in attacks, one of which (tik.anyget[.]ru) was used to serve Glupteba malware samples to targeted hosts.

“When requesting the URL https://tik.anyget[.]ru I was redirected to the https://routers.rip/site/login domain (which is again hidden by the Cloudflare proxy),” Hron said. “This is a control panel for the orchestration of enslaved MikroTik routers,” with the page displaying a live counter of devices connected into the botnet.

But after details of the Mēris botnet entered public domain in early September 2021, the C2 server is said to have abruptly stopped serving scripts before disappearing…


Corero extends automatic DDoS protection to counter ‘carpet bomb’ and botnet attacks | VanillaPlus

24 February, 2022 at 9:59 AM

Posted by: Anasia D’mello

Corero extends automatic DDoS protection to counter ‘carpet bomb’ and botnet attacks

Amersham, UK. 23 February 2022 – Corero Network Security plc, a provider of real-time, DDoS (distributed denial of service) cyber defence solutions, is extending its automatic protection against Carpet Bomb and Botnet attacks.

Corero’s mission is to make the internet a safer place to do business by protecting against the downtime and disruption caused by DDoS attacks. Corero is enabling organisations around the globe to maintain business continuity in the event of DDoS attacks, with its intelligently automated, SmartWall DDoS protection solution.

As DDoS attacks continue to grow in magnitude, frequency, and sophistication, it is no longer safe to address this growing problem with traditional blackholing or manual interventions. Corero’s real-time automatic approach is the only way to effectively prevent DDoS-downtime as it blocks over 98% of attacks in seconds, with no operator intervention required. Our ongoing market growth is being further propelled by multiple new product enhancements which ensure we continue to do so.

Corero’s new SmartWall DDoS protection includes:

  • Automatic Spread Spectrum attack protection to address the increase in volumetric ‘Carpet Bomb’ attacks that target entire network ranges and enables them to evade conventional DDoS mitigation solutions.
  • Automatic Advanced Botnet/Source flood protection to address the harmful high-rate traffic sources experienced with Botnet flood attacks as well as new TCP protocol flood protections (SYN-ACK, ACK, etc…)
  • Intelligent Fragment protection using Corero’s patented heuristics-based Smart-Rule technology enhances the ability to automatically block the large volumes of packet fragments associated with many of today’s DDoS attacks.

“As botnet and carpet bomb attacks continue to increase, these new capabilities enable Corero to further expand our automatic DDoS protection to address these significant threats, helping to keep our customers, and theirs, online, all the time,” says Corero’s head of security operations..

Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus