GorillaBot Goes Ape With 300K Cyberattacks Worldwide

Published: 23/11/2024   Category: security


Among those affected by all this monkeying around with DDoS in September were some 4,000 organizations in the US.



Distributed denial-of-service (DDoS) attacks involving a new Mirai variant called GorillaBot surged sharply last month, launching 300,000 attacks, affecting some 20,000 organizations worldwide — including nearly 4,000 in the US alone.
In 41% of the attacks, the threat actor attempted to overwhelm the target network with a flood of User Datagram Protocol (UDP) packets, which are basically lightweight, connectionless units of data often associated with gaming, video streaming, and other apps. Nearly a quarter of the GorillaBot attacks were TCP ACK Bypass flood attacks, where the adversary's goal was to flood the target — often just one port — with a large number of spoofed TCP Acknowledgement (ACK) packets.
"This Trojan is modified from the Mirai family, supporting architectures like ARM, MIPS, x86_64, and x86," researchers at NSFocus said in a report last week, after observing the threat actor behind GorillaBot launch its massive wave of attacks between Sept. 4 and Sept. 27. "The online package and command parsing module reuse Mirai source code, but leave a signature message stating, 'gorilla botnet is on the device ur not a cat go away' [sic], hence we named this family GorillaBot."
NSFocus said it observed the botnet controller leverage five built-in command-and-control servers (C2s) in GorillaBot to issue a steady cadence of attack commands throughout each day. At its peak, the attack commands hit 20,000 in a single day. In all, the attacks targeted organizations in 113 countries with China being the hardest hit, followed by the US, Canada, and Germany, in that order.
Though GorillaBot is based on Mirai code, it packs considerably more DDoS attack methods — 19 in all. The available attack methods in GorillaBot include DDoS floods via UDP packets and TCP SYN and ACK packets. Such multivector attacks can be challenging for target organizations to address, because each vector often requires a different mitigation approach.
For example, mitigating volumetric attacks such as UDP floods often involves rate limiting or restricting the number of UDP packets from a single source, blocking UDP traffic to unused ports, and distributing attack traffic across multiple servers to blunt the impact. SYN-ACK flood mitigation, on the other hand, is about using stateful firewalls, SYN cookies, and intrusion-detection systems to track TCP connections and ensure that only valid ACK packets are processed.
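As an added illustration of the two mitigation approaches just described (example code written for this page, not code from the article, NSFocus or Imperva), the toy filter below applies per-source UDP rate limiting and unused-port blocking, and accepts inbound TCP ACK packets only for connections whose handshake it has already seen, so spoofed ACKs aimed at a single port are dropped. All addresses, port numbers, the rate threshold and the packet trace are constructed sample values.

```python
from collections import defaultdict, deque

UDP_PPS_LIMIT = 5   # constructed policy: max UDP packets per source per WINDOW seconds
WINDOW = 1.0

class FloodFilter:  # toy inbound filter: per-source UDP rate limiting plus stateful TCP ACK validation
    def __init__(self, open_udp_ports):
        self.open_udp_ports = set(open_udp_ports)
        self.udp_hist = defaultdict(deque)  # src -> timestamps of recently accepted UDP packets
        self.tcp_state = {}                 # (src, sport, dst, dport) -> "syn_seen" | "established"
        self.counters = defaultdict(int)    # verdict -> packet count

    def decide(self, p):
        if p["proto"] == "udp":
            if p["dport"] not in self.open_udp_ports:      # block UDP to unused ports
                return "drop:udp_closed_port"
            hist = self.udp_hist[p["src"]]
            while hist and p["ts"] - hist[0] >= WINDOW:    # slide the window forward
                hist.popleft()
            if len(hist) >= UDP_PPS_LIMIT:                 # rate-limit this source
                return "drop:udp_rate"
            hist.append(p["ts"])
            return "accept"
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S":                              # handshake starts (simplified: inbound only)
            self.tcp_state[key] = "syn_seen"
            return "accept"
        if p["flags"] == "A" and self.tcp_state.get(key) in ("syn_seen", "established"):
            self.tcp_state[key] = "established"            # ACK completes or continues a known connection
            return "accept"
        return "drop:tcp_unsolicited_ack"                  # spoofed ACK with no matching connection

def run_sample():  # replay a constructed packet trace (not real capture data), return verdict counts
    srv = "192.0.2.10"
    pkts = [dict(ts=0.0, proto="tcp", src="198.51.100.7", sport=40000, dst=srv, dport=80, flags="S"),
            dict(ts=0.1, proto="tcp", src="198.51.100.7", sport=40000, dst=srv, dport=80, flags="A"),
            dict(ts=0.2, proto="tcp", src="198.51.100.7", sport=40000, dst=srv, dport=80, flags="A")]
    # ACK bypass flood: spoofed ACKs from many sources to a single port, no SYN ever seen
    pkts += [dict(ts=0.3 + i / 1000, proto="tcp", src=f"203.0.113.{i}", sport=1000 + i, dst=srv,
                  dport=80, flags="A") for i in range(50)]
    # UDP flood at 10 pps from one source against DNS, one legitimate query, one packet to an unused port
    pkts += [dict(ts=1.0 + i * 0.1, proto="udp", src="203.0.113.200", dst=srv, dport=53) for i in range(10)]
    pkts += [dict(ts=1.5, proto="udp", src="198.51.100.8", dst=srv, dport=53),
             dict(ts=1.6, proto="udp", src="198.51.100.9", dst=srv, dport=9999)]
    f = FloodFilter(open_udp_ports={53})
    for p in sorted(pkts, key=lambda p: p["ts"]):
        f.counters[f.decide(p)] += 1
    return dict(f.counters)
```

Calling `run_sample()` shows the legitimate handshake and query passing while the 50 spoofed ACKs, the over-limit half of the UDP burst, and the packet to the closed port are dropped.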
Traffic related to so-called bad bots like GorillaBot has been steadily increasing over the past few years, and currently represents a significant proportion of all traffic on the Internet.
Researchers at Imperva recently analyzed some 6 trillion blocked bad bot requests from its global network in 2023, and concluded that traffic from such bots currently accounts for 32% of all online traffic — a nearly 2% increase from the prior year. In 2013, when Imperva did a similar analysis, the vendor estimated bad bot traffic at 23.6% and human traffic as accounting for 57% of all traffic.
Imperva's 2024 Bad Bot Report is focused entirely on the use of bad bots at the application layer and not specifically on volumetric DDoS attacks on low-level network protocols. But 12.4% of the bad bot attacks that the company helped customers mitigate in 2023 were DDoS attacks. The security vendor found that DoS attacks in general were the biggest — or among the biggest — use cases for bad bots in some industries, such as gaming, the telecom and ISP sector, healthcare, and retail. Imperva found that threat actors often tend to use bad bots for DDoS attacks where any kind of system downtime or disruption can have significant impact on an organization's operations.
