Tag Archive for: massive

Meris Botnet Sets Record with Massive DDoS Attacks Across Global Servers


In a startling display of cyber force, the Meris botnet has successfully executed the largest DDoS (Distributed Denial of Service) attacks in history this summer, targeting a wide range of countries including the United States, Russia, New Zealand, and the United Kingdom. This malicious network, comprising over 250,000 devices, overwhelmed some of the most robust servers worldwide, marking a significant moment in cyber warfare.

Research conducted by the Russian search engine Yandex, alongside insights from DDoS mitigation service Qrator Labs, has unveiled that Meris is a new breed of botnet. Its capacity to generate an unprecedented 21.8 million requests per second (RPS) during an attack on Yandex on September 5 highlights its potential to cripple almost any infrastructure, including highly resilient networks.

Unprecedented Scale and Impact

The Meris botnet’s capability to launch attacks of such magnitude lies in its unique focus on the number of requests per second, an approach that sets it apart from traditional DDoS attacks, which generally aim to saturate servers with massive amounts of data. This strategy has enabled Meris to take down significant infrastructure, as evidenced by the disruption caused to major organisations in New Zealand, including banks such as ANZ and Kiwibank, NZ Post, MetService, and even the New Zealand Police.

Technical Sophistication

Unlike typical ‘Internet of Things’ (IoT) devices often associated with botnets, the devices commandeered by Meris are high-performance and likely connected via Ethernet, contributing to the botnet’s formidable power. This revelation, coupled with the attackers’ technique of rotating devices to avoid revealing their full capacity, complicates efforts to mitigate the botnet’s impact.

Global Response and Mitigation

The emergence of Meris has prompted a global response, with entities like Cloudflare and Yandex at the forefront of efforts to counteract the botnet’s attacks. The record-breaking assault on Yandex, which surpassed previous incidents attributed to the Mirai botnet, underscores the escalating challenge of safeguarding digital infrastructure against such sophisticated…


Change Healthcare confirms ransomware attack, hackers claim massive data haul


Optum’s Change Healthcare confirmed Feb. 29 that it was hacked by a ransomware gang after the group claimed to have stolen massive amounts of data.

“Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” an Optum spokesperson emailed Becker’s on Feb. 29. “We are actively working to understand the impact to members, patients and customers.”

Many of Change Healthcare’s applications, which span revenue cycle management to prescription processing, have been down since Feb. 21, disrupting operations at hospitals, physician practices and pharmacies across the country.

ALPHV/Blackcat, aka BlackCat, claimed responsibility for the hack, posting on its dark web leak site that it stole 6 terabytes’ worth of Change Healthcare data involving “thousands of healthcare providers, insurance providers, pharmacies, etc,” Bleeping Computer reported Feb. 28. The allegedly stolen data includes medical records, patient Social Security numbers, and information on active military personnel (Change serves some military healthcare facilities).

But as Politico noted Feb. 28: “Ransomware groups, which demand extortion payments in exchange for restoring or not publishing stolen data, often exaggerate their exploits as a negotiating tactic.”

ALPHV/Blackcat, which has been linked to Russia, has been targeting the U.S. healthcare industry since December after the FBI disrupted its operations.

Change Healthcare said it is working with cybersecurity firms Palo Alto Networks and Mandiant, a Google subsidiary, as well as law enforcement to address the cyberattack.


Hackers for sale: What we’ve learnt from China’s massive cyber leak


BEIJING – A massive data leak from Chinese cyber-security firm I-Soon has offered a rare glimpse into the inner workings of Beijing-linked hackers.

I-Soon has yet to confirm the leak is genuine and has not responded to a request for comment from AFP.

As of Feb 23, the leaked data had been removed from the online software repository GitHub, where it had been posted.

Analysts say the leak is a treasure trove of intelligence into the day-to-day operations of China’s hacking programme, which the United States’ Federal Bureau of Investigation says is the biggest of any country.

From staff complaints about pay and office gossip to claims of hacking foreign governments, here are some of the key insights from the leaks:

Who got hacked?

Every day, workers at I-Soon were targeting big fish.

Government agencies from China’s neighbours, including Kyrgyzstan, Thailand, Cambodia, Mongolia and Vietnam, had websites or e-mail servers compromised, the leak revealed.

There are long lists of targets, from British government departments to Thai ministries.

I-Soon staff also boasted in leaked chats that they secured access to telecom service providers in Pakistan, Kazakhstan, Mongolia, Thailand and Malaysia, among others.

They named the government of India – a geopolitical rival of Beijing’s – as a key target for “infiltration”.

And they claimed to have secured back-end access to higher education institutions in Hong Kong and self-ruled Taiwan, which China claims as part of its territory.

But they also admitted to having lost access to some of their data seized from government agencies in Myanmar and South Korea.

Other targets are domestic, from China’s north-western region of Xinjiang to Tibet and from illegal pornography to gambling rings.

Who was paying them?

Judging from the leaks, most of I-Soon’s customers were provincial or local police departments – as well as province-level state security agencies responsible for protecting the Communist Party from perceived threats to its rule.

The firm also offered clients help protecting their devices from hacking and securing their communications – with many of their contracts listed as…


Security Report Blows The Whistle On A Massive Android TV Botnet Campaign



Botnet activities are usually sniffed out fairly routinely, but it seems that a previously unknown cybercrime gang named Bigpanzi has been laying low and getting away with it. New reports suggest that this gang has amassed a 170,000-device-strong botnet since 2015, developing along with it an impressively vast infrastructure network.

This week, researchers at Qianxin Xlabs, a Chinese research group, published a report on the threat group Bigpanzi. The discovery began with a malware sample called pandoraspear, which contained nine hardcoded C2 domain names. Two of these domains had expired, so the researchers registered them themselves in order to measure the botnet’s size. This allowed them to find that the network had 170,000 daily active bots, primarily based in Brazil.

[Image: examples of some of the sites distributing the malicious apps.]

Although the Bigpanzi gang went after the researchers once they made this discovery, the investigation continued. It turned up several download scripts and other information, further revealing the threat actor group’s infrastructure and motives. Notably, the group “primarily targets Android OS TVs and set-top boxes, as well as eCos OS set-top boxes.” Rather than exploiting vulnerabilities, it gains control of these systems by getting users to install malicious apps or updates.


Beyond standard botnet activities like distributed denial-of-service (DDoS), this network can “disseminate any form of visual or audio content, unbound by legal constraints.” The concern is that using the botnet to “broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability.”

How this group operates, and what it could potentially do, is rather interesting, as nothing quite like it has been seen before. It is also striking that the group managed to stay undetected for so long while being so widespread. You can see the full coverage of the group on the Xlabs site, but perhaps the key takeaway is that one should not just install…
