CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks

  /     /     /  
Publicated : 23/11/2024   Category : security


CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks


In attacks over the past three months, threat actors have exploited more than 80 vulnerabilities to accelerate distribution of the Mirai variant.



Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant called CatDDoS.
The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, construction companies, scientific and research entities, and educational institutions in the US, France, Germany, Brazil, and China.
The malware first surfaced last August and was a relatively prolific threat in September 2023. CatDDoS dropped largely out of sight in December, prompting researchers tracking the threat at Chinas QiAnXin XLab to assume the operators of the malware may have pulled its plug.
In a
report issued this week
, QiAnXin said its researchers have observed multiple gangs using CatDDoS variants during the past three months. The operators of the variants, which are being tracked under various names, including RebirthLTD, Komaru, and Cecilio Network, have so far exploited at least 80 different vulnerabilities in their new campaign, QiAnXin said.
Our system has observed that CatDDoS-related gangs remain active, QiAnXin said in a blog post. Additionally, the maximum number of targets has been observed to exceed 300+ per day.
The vulnerabilities being exploited under the CatDDoS umbrella affect dozens of products and technologies, including
Apache ActiveMQ Servers
,
Apache Log4j
, Cisco Linksys,
Jenkins
servers, and NetGear routers.
Many of the vulnerabilities are recent, meaning they were disclosed over the past year. But there are numerous others that CatDDoS threat actors are leveraging that are relatively old. Among them is
CVE-2010-2506
, a nearly 14-year-old vulnerability in Linksys firmware;
CVE-2013-1599
, a more than decade-old flaw in D-Link IP cameras; and
CVE-2011-5010
, a remote code execution vulnerability in Ctek SkySouters from 2011.
We have not yet identified some vulnerabilities, but it may be a zero-day vulnerability based on the parameters of execution of the samples, QuAnXin said. For example, skylab0day and Cacti-n0day are shown in the samples running parameters, the company noted, pointing to CatDDoS-related telemetry that its researchers analyzed.
According to QuAnXin. CatDDoS actors have been compromising upward of 300 targets per day in the latest wave of attacks.
The CatDDoS variants that the security vendor has observed all appear to be based on source code that the authors of the original malware publicly released in December after a futile bid to get someone to buy it off them. Though the different variants may be managed by different groups, there is little variation in the code, communication design, strings, decryption methods, etc., QuAnXin said. So we unified these variants into the CatDDoS-related gangs, even though they may not want to admit it.
DDoS malware and botnets remain a
potent threat for organizations worldwide
. Though many organizations have built substantial redundancies into their network infrastructure to accommodate sudden DDoS-related traffic spikes, threat actors have upped their game as well.
A
recent report from Nexusguard
showed threat actors have shifted their attack focus to individual computers and servers. These systems were the primary target in 92% of the DDoS attack attempts that Nexusguard spotted last year — up sharply from just 68% a year ago. The company attributed the shift in focus to new vulnerabilities in Windows systems and the availability of malware that made it easier for attacks to compromise these systems,
Significantly, though DDoS attack volumes dropped 55% in 2023, the size of individual attacks grew 233%. In many of these attacks, threat actors continued to
rely on NTP amplification
— a technique that massively boosts attack traffic. But increasingly, Nexusguard said, they also relied on other techniques such as DNS amplification and HTTPS flooding methods to boost attack traffic volumes.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks