Mirai-Based NoaBot Launches a DDoS Attack on Linux Devices

Hackers use the Mirai botnet to launch large-scale Distributed Denial of Service attacks by exploiting vulnerable Internet of Things devices.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
NoaBot primarily targets Linux IoT devices for DDoS attacks.
The Mirai botnet was first identified in 2016, and its source code is publicly available, which has led to numerous variants.
NoaBot initially surfaced in early 2023 and is evolving with:-.
Researchers also noted several incidents in which P2PInfect worm samples were dropped, which links the two campaigns.
NoaBot mirrors Mirai's capabilities but diverges in code.
While embedded song lyrics in early samples remain unexplained, the developers of this botnet removed the lyrics in the later versions.
NoaBot alters Mirai by employing a distinct SSH credential dictionary and introducing post-breach functions like:-.
Unlike Mirai, NoaBot is compiled with uClibc, which shifts antivirus detections to SSH scanner or generic trojan signatures, and the following things complicate reverse engineering:-.
The miner is a self-compiled XMRig variant that extracts configurations before execution.
Apart from this, the threat actors evade detection by dynamically modifying the command line, encrypting the pool details, and communicating with Google's DNS for domain resolution.
In 2023, 849 source IPs globally attacked honeypots, with a notable hotspot in China contributing to 10% of all attacks.
Their global activity is quite evenly distributed, according to their geolocation data.
Given that the software is wormable, it stands to reason that each new victim also becomes an attacker.
On the other hand, China is the standout location for all the action.


This Cyber News was published on gbhackers.com. Publication date: Thu, 11 Jan 2024 14:13:43 +0000

