CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks

Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service botnet variant called CatDDoS. The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, construction companies, scientific and research entities, and educational institutions in the US, France, Germany, Brazil, and China.
Multiple Variants The malware first surfaced last August and was a relatively prolific threat in September 2023.
CatDDoS dropped largely out of sight in December, prompting researchers tracking the threat at China's QiAnXin XLab to assume the operators of the malware may have pulled its plug.
In a report issued this week, QiAnXin said its researchers have observed multiple gangs using CatDDoS variants during the past three months.
The operators of the variants, which are being tracked under various names, including RebirthLTD, Komaru, and Cecilio Network, have so far exploited at least 80 different vulnerabilities in their new campaign, QiAnXin said.
The vulnerabilities being exploited under the CatDDoS umbrella affect dozens of products and technologies, including Apache ActiveMQ Servers, Apache Log4j, Cisco Linksys, Jenkins servers, and NetGear routers.
Many of the vulnerabilities are recent, meaning they were disclosed over the past year.
There are numerous others that CatDDoS threat actors are leveraging that are relatively old.
Among them is CVE-2010-2506, a nearly 14-year-old vulnerability in Linksys firmware; CVE-2013-1599, a more than decade-old flaw in D-Link IP cameras; and CVE-2011-5010, a remote code execution vulnerability in Ctek SkySouters from 2011.
CatDDoS actors have been compromising upward of 300 targets per day in the latest wave of attacks.
The CatDDoS variants that the security vendor has observed all appear to be based on source code that the authors of the original malware publicly released in December after a futile bid to get someone to buy it off them.
A Potent Threat, as Always DDoS malware and botnets remain a potent threat for organizations worldwide.
Though many organizations have built substantial redundancies into their network infrastructure to accommodate sudden DDoS-related traffic spikes, threat actors have upped their game as well.
A recent report from Nexusguard showed threat actors have shifted their attack focus to individual computers and servers.
These systems were the primary target in 92% of the DDoS attack attempts that Nexusguard spotted last year - up sharply from just 68% a year ago.
The company attributed the shift in focus to new vulnerabilities in Windows systems and the availability of malware that made it easier for attacks to compromise these systems,.
Significantly, though DDoS attack volumes dropped 55% in 2023, the size of individual attacks grew 233%. In many of these attacks, threat actors continued to rely on NTP amplification - a technique that massively boosts attack traffic.
Nexusguard said, they also relied on other techniques such as DNS amplification and HTTPS flooding methods to boost attack traffic volumes.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 28 May 2024 21:25:25 +0000


Cyber News related to CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks - Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service botnet variant called CatDDoS. The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, ...
6 months ago Darkreading.com
Why every company needs a DDoS response plan - Today's DDoS attacks are not what they were even a few years ago, and we continue to see DDoS attacks that are framed as the largest in history. As a result, large organizations need adaptive, multilayered defense capabilities that can respond just ...
5 months ago Helpnetsecurity.com
The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
11 months ago Cybersecuritynews.com
The State of DDoS Attacks: Evolving Tactics and Targets Businesses Must Be Aware Of - Now, these attacks are becoming more dangerous, targeted, and detrimental as they evolve. As DDoS attacks become more sophisticated, adversaries are able to hone in on the most vulnerable targets, ranging from small- and medium-sized businesses to ...
11 months ago Cyberdefensemagazine.com
How to Prepare for DDoS Attacks During Peak Business Times - One common tactic that many security practitioners have witnessed is carrying out distributed denial-of-service attacks during peak business times, when companies are more likely to be short-staffed and caught unawares. While DDoS attacks are a ...
11 months ago Darkreading.com
VPN to protect against DDoS attacks on Twitch - Swarming or DDoS attacks pose a threat to streamers. Your data goes through a secure server, making it harder for attackers to target your actual IP address. A distributed denial-of-service attack globally harasses and attacks legitimate users and ...
11 months ago Itsecurityguru.org
Security Series: Protecting the Edge Against DDoS Attacks with a Simplified Integrated Solution - An unprecedented increase in distributed-denial-of-service attacks in recent years has resulted in lost revenue and productivity, increased ransomware costs, and impacted service-level agreements for network operators. According to Zayo Group's ...
1 year ago Feedpress.me
Pro-Russian DDoS Attacks Alarm Denmark and US - Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups have caused alarm in the US and Denmark after several incidents affected websites of hospitals and government offices in both countries. On Tuesday, Denmark announced that it ...
1 year ago Therecord.media
In Cybersecurity and Fashion, What's Old Is New Again - While distributed denial-of-service attacks and zero-day threats are nothing new in cybersecurity, they're still happening regularly for a simple reason: They work. In early November 2023, OpenAI blamed a DDoS attack for intermittent ChatGPT issues, ...
11 months ago Darkreading.com
Essential DDoS statistics for understanding attack impact - The impact of DDoS attacks extends far beyond mere inconvenience, as they can result in financial losses, compromised data, and erosion of customer trust. Understanding the nature and consequences of DDoS activity is essential for organizations and ...
11 months ago Helpnetsecurity.com
Understanding the Escalating Threat of Web DDoS Tsunami Attacks - Whether it's hacktivists conducting cyberwarfare or ransom-seeking criminals targeting vulnerable firms in financial services, retail, energy, or transportation, a new breed of destructive distributed denial of service attack - the Web DDoS Tsunami - ...
11 months ago Cyberdefensemagazine.com
How to Prevent DNS Attacks: DNS Security Best Practices - To protect against attack, best practices must be applied to protect the DNS protocol, the server on which the DNS protocol runs, and all access to the DNS processes. Implementing these best practices will not only protect DNS but also network ...
1 year ago Esecurityplanet.com
DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia - Qurium, the Swedish media foundation and human rights watchdog leading the investigation into these DDoS attacks implicates FineProxy and RayoByte in facilitating the attacks. On November 30, 2023, Rappler, the leading digital media company in the ...
1 year ago Hackread.com
87% of DDoS Attacks Targeted Windows OS Devices in 2023 - Computers and servers became the primary target of attacks, making up 92% of DDoS attempts, compared to only 68% in the previous year. Attacks are also becoming shorter and less frequent, but more powerful. While the overall count in attack frequency ...
7 months ago Darkreading.com
Hackers are Launching DDoS Attacks During Peak Business Hours - Many security practitioners have seen distributed denial-of-service attacks carried out during peak business hours, when firms are more likely to be understaffed and caught off guard. DDoS attacks are a year-round threat, but we've seen an increase ...
11 months ago Cysecurity.news
Cybersecurity and Infrastructure Security Agency Reports Minimal Impact of Killnet Distributed Denial of Service Attacks on American Hospitals - The Cybersecurity and Infrastructure Security Agency (CISA) reported that it had assisted numerous hospitals in responding to a series of distributed denial-of-service (DDoS) attacks last week, which were launched by a pro-Kremlin hacking group known ...
1 year ago Therecord.media
Recently patched CUPS flaw can be used to amplify DDoS attacks - As Akamai security researchers found, a CVE-2024-47176 security flaw in the cups-browsed daemon that can be chained with three other bugs to gain remote code execution on Unix-like systems via a single UDP packet can also be leveraged to ...
2 months ago Bleepingcomputer.com
Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps - Typically, threat actors launching DDoS attacks rely on large networks of infected devices (botnets) or look for ways to amplify the delivered data at the target, which requires a smaller number of systems. After scanning the public internet for ...
2 months ago Bleepingcomputer.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
10 months ago Microsoft.com
Russian state-owned Sberbank hit by 1 million RPS DDoS attack - Russian financial organization Sberbank states in a press release that two weeks ago it faced the most powerful distributed denial of service attack in recent history. Sberbank is a majority state-owned banking and financial services company and the ...
1 year ago Bleepingcomputer.com
Mitigate HTTP/2 Rapid Reset Threats with Imperva WAF - In the modern application landscape, where businesses are constantly under the threat of cyber attacks, one of the most recent to emerge is HTTP/2 Rapid Reset, a type of Distributed Denial-of-Service attack. This attack is larger than any previously ...
11 months ago Imperva.com
Understanding the Increase of DDoS Attacks in 2022 According to Russia's Largest ISP - In 2022, record-breaking levels of distributed denial of service (DDoS) attacks were reported by Russia’s largest ISP, according to MIT Technology Review. DDoS attacks are targeted cyber-attacks that are conducted against computer networks, ...
1 year ago Heimdalsecurity.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com
Recent DDoS-as-a-Service Platform Passion Used in Attacks on Hospitals - A new DDoS-as-a-Service platform called Passion was recently used by pro-Russian hacktivists to launch attacks against medical institutions in the United States and Europe. A DDoS attack is when malicious actors send a large number of requests and ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)