A dangerous new botnet is adding new ways to infect vulnerable endpoints almost every day, researchers are saying.
Multiple cybersecurity research teams spotted a botnet called EnemyBot in March this year, and at first, it was found to be abusing critical vulnerabilities in web servers, CMS platforms, Android smartphones and Internet of Things (IoT) devices.
Since then, researchers have been tracking the development of the botnet and have found its creators are fast adding newly discovered vulnerabilities to the list of attack vectors.
The latest report, coming from AT&T Alien Labs, says 24 new vulnerabilities have been added, including some that don’t even have a CVE number yet, making them extremely dangerous.
DDoS attacks
Among the flaws, as noted by BleepingComoputer, are multiple critical vulnerabilities in VMware Workspace ONE access and VMware Identity Manager, as well as F5 BIG-IP.
While the botnet’s main goal is to run Distributed Denial of Service (DDoS) attacks, it also allows operators to create a reverse shell on the target device, bypassing firewalls and other defense mechanisms.
The group behind EnemyBot seems to be Keksec, a threat actor also known as Necro, & Freakout. It is most famous for operating the Tsunami DDoS malware dubbed “Ryuk” (not to be confused with the malware (opens in new tab) of the same name).
According to Bleeping Computer, this seems to be an experienced group, which recently seems to have published the botnet’s source code.
To protect from a DDoS attack, organizations are advised to patch their operating systems and software as soon as possible, install a firewall and monitor network traffic, and make sure all devices are protected by an antivirus service.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba