Tag Archive for: sets

Meris Botnet Sets Record with Massive DDoS Attacks Across Global Servers


In a startling display of cyber force, the Meris botnet has successfully executed the largest DDoS (Distributed Denial of Service) attacks in history this summer, targeting a wide range of countries including the United States, Russia, New Zealand, and the United Kingdom. This malicious network, comprising over 250,000 devices, overwhelmed some of the most robust servers worldwide, marking a significant moment in cyber warfare.

Research conducted by the Russian search engine Yandex, alongside insights from DDoS mitigation service Qrator Labs, has unveiled that Meris is a new breed of botnet. Its capacity to generate an unprecedented 21.8 million requests per second (RPS) during an attack on Yandex on September 5 highlights its potential to cripple almost any infrastructure, including highly resilient networks.

Unprecedented Scale and Impact

The Meris botnet’s capability to launch attacks of such magnitude lies in its unique focus on the number of requests per second, a method that sets it apart from traditional DDoS attacks, which generally aim to saturate servers with massive amounts of data. This strategy has enabled Meris to take down significant infrastructures, as evidenced by the disruption caused to major companies in New Zealand, including banks like ANZ and Kiwibank, NZ Post, MetService, and even the New Zealand Police.

Technical Sophistication

Unlike typical ‘Internet of Things’ (IoT) devices often associated with botnets, the devices commandeered by Meris are high-performance and likely connected via Ethernet, contributing to the botnet’s formidable power. This revelation, coupled with the attackers’ technique of rotating devices to avoid revealing their full capacity, complicates efforts to mitigate the botnet’s impact.

Global Response and Mitigation

The emergence of Meris has prompted a global response, with entities like Cloudflare and Yandex at the forefront of efforts to counteract the botnet’s attacks. The record-breaking assault on Yandex, which surpassed previous incidents attributed to the Mirai botnet, underscores the escalating challenge of safeguarding digital infrastructure against such sophisticated…


Infostealer Malware Market Booms, as MFA Fatigue Sets In


Malicious actors are finding success deploying information stealer (infostealer) malware, combining stolen credentials and social engineering to carry out high-profile breaches and leveraging multifactor authentication (MFA) fatigue attacks.

These were among the findings of a report from Accenture’s Cyber Threat Intelligence team (ACTI) surveying the infostealer malware landscape in 2022, which also noted a spike in the number of Dark Web advertisements for a variety of new infostealer malware variants.

The marketplace for compromised credentials is also growing, according to the report, which takes an in-depth look at a Russian market site used by malicious groups RedLine, Raccoon Stealer, Vidar, Taurus, and AZORult to obtain credentials for sale.

Paul Mansfield, cyber-threat intelligence analyst at Accenture, explains that the most important point to understand about the rise of infostealer malware is the threat to corporate networks.

“There are many examples throughout 2022 of infostealer malware being used to harvest the credentials which serve as an entry point for further attacks,” he says.

For Mansfield, the most concerning finding from the report was the damage that can be done at such little cost to the threat actor.

“The malware generally costs around $200 for one month plus a few other minor additional costs,” he notes. “During that time, they can steal a high volume of credentials from around the globe, pick out the most valuable for targeted attacks — of which there have been several high-profile examples in 2022 — and sell the rest in bulk to marketplaces for others to do the same.”

Ricardo Villadiego, co-founder and CEO of Lumu, says the rise of infostealer malware is a consequence of the boom in the ransomware-as-a-service (RaaS) business model.

“There are as many variants of infostealers as people willing to pay for the code,” he explains. “The people behind infostealer malware attacks range from individuals with low technical skills to groups allegedly sponsored by governments.”

He adds that what those groups of people have in common is the interest in gathering sensitive data (personal data from their computers, including login credentials, bank account details,…


This Week’s Hack Chat Sets The Stage For Supercon


While the 2020 and 2021 Remoticons were a blast, we all know that virtual events are no substitute for in-person conferences. Which is why we’re so excited to once again invite the Hackaday community to converge on Pasadena in November for a weekend of talks, workshops, and hardware hacking for our sixth Supercon.

To help get the community prepared for the triumphant return of what we very humbly believe to be the greatest hardware hacking conference the world has ever seen, we invited Majenta Strongheart to this week’s Hack Chat to answer the community’s questions about this hotly anticipated event. There’s an incredible number of moving pieces involved in an event like Supercon, and as Head of Design and Partnerships at our parent company SupplyFrame, she’s integral to putting them all together right up until the doors open on November 4th.

The Chat kicked off with a general confirmation that yes, we did receive your talk and/or workshop proposal. It seems several people didn’t receive the intended confirmation message when they sent their information on, but Majenta assured everyone that all of the completed forms were received correctly and are currently under review. If you put in a proposal, you should be notified in the next few weeks about whether or not it was accepted.

With that out of the way, the next big question was the one that so many of you have been wondering: what does the Hackaday Supercon look like in the era of COVID? The truth is, things are still evolving and it’s hard to be sure of anything with two more months to go. But Majenta did confirm that the decision has been made to limit ticket sales compared to previous years so that attendees have a bit more breathing room — literally and figuratively. In addition, many of the planned events will be held outdoors, and the talks will be streamed live for anyone who’d rather not sit in the audience.

Majenta also took this opportunity to let everyone know that the volunteer application form for Supercon will be available very soon, and that as usual, those who are willing to help out will get a free ticket in exchange. Speaking of which, if you’d rather pay the gold price, General…


GenCyber: NSA sets up summer camps to teach kids to hack



Steve Kelman finds the normally secretive agency’s camps an intriguing way to offer a taste of cybersecurity careers to middle and high school students.
