Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet

Published : 23/11/2024   Category : security


With HinataBot, malware authors have created a beast many times more efficient than even the scariest botnets of old, packing more than 3 Tbit/s DDoS speeds.



Former Mirai hackers have developed a new botnet, dubbed HinataBot, with the potential to cause far greater damage with far fewer resources required from its operators than its predecessor.
Mirai is one of the world's most notorious botnets. In circulation since the mid-2010s, it uses Internet of Things (IoT) devices like routers and cameras to hit targets with massive amounts of traffic to force distributed denial of service (DDoS). Some of its most notorious attacks were against French technology company OVH, the government of Liberia, and DNS provider Dyn, an attack that touched websites such as Twitter, Reddit, GitHub, CNN, and many more.
Now, in a report published March 16, researchers from Akamai noted that HinataBot has only been in development since mid-January. Despite that, according to initial tests, it is orders of magnitude more powerful than its predecessor, reaching more than 3 Tbit/s traffic flows.
In its heyday, the Mirai botnet managed to flood its victims with hundreds of gigabytes per second in traffic — up to 623 Gbit/s for the KrebsOnSecurity website, and nearly 1 Tbit/s against OVH. As OVH noted at the time, that huge wave of data was enabled by a network of around 145,000 connected computers, all sending requests to their systems simultaneously.
To gauge the relative strength of HinataBot, the Akamai researchers ran 10-second test attacks. If the botnet contained just 1,000 nodes, they found, the resulting UDP flood would weigh in at around 336 Gbps. In other words, with less than 1% of the resources, HinataBot was already capable of producing traffic approaching Mirai's most vicious attacks.
When they considered what HinataBot could do with 10,000 nodes — roughly 6.9% of the size of peak Mirai — the resulting traffic topped out at more than 3.3 Tbit/s, many times stronger than any Mirai attack.
"These theorized capabilities obviously don't take into account the different kinds of servers that would be participating, their respective bandwidth and hardware capabilities, etc.," Akamai researchers warned in the report, "but you get the picture. Let's hope that the HinataBot authors move onto new hobbies before we have to deal with their botnet at any real scale."
Much of the reason for HinataBot's improvements comes down to how it was written.
"Most malware has traditionally been written in C++ and C," explains Allen West, one of the principal researchers of the report. Mirai, for example, was written in C.
In more recent years, though, hackers have become more creative. They're trying to take any new approach they can, and these new languages — such as Go, with its efficiencies and the way it stores strings — makes it more difficult for people to deal with.
Go — short for Golang — is the high-level programming language underpinning HinataBot. It's similar to C, but, in some ways, it's more powerful. With Golang, explains Chad Seaman, another author of the report, hackers get better error handling, they get memory management, they get easy threaded worker pools, and a little bit more of a stable platform that provides some of the speed and performance you would associate with a C-level language, and C or C++ binaries, with a lot of things that they don't have to manage.
"It just lowers the bar on technical difficulty," he says, "while also raising the performance bar over, say, some of the other traditional languages."
For all of these reasons, Go has become a popular choice for malware authors. Botnets like kmsdbot, GoTrim, and GoBruteForcer are cases in point. "Go is becoming more performant and more mainstream and more common," Seaman says, and the malware that results is all the more powerful for it.
As scary as HinataBot may be, there may be a bright side.
HinataBot isn't simply more efficient than Mirai — it must be more efficient because it's working with less.
"The vulnerabilities through which it's spread are not new or novel," Seaman says. HinataBot leverages weaknesses and CVEs already known to the security community and utilized by other botnets. It's an environment quite different from the one Mirai operated in circa 2016–17, when IoT vulnerabilities were novel and security for the devices was not top of mind.
"I don't think we're going to see a case of another Mirai, unless they get creative in how they're distributing and their infection techniques," Seaman says. "We're not going to see another 70,000 or 100,000-node, Mirai-like threat from the Hinata authors under their current tactics, techniques, and procedures."
A less optimistic observer might note that, being only a couple of months old now, there is plenty of time for HinataBot to improve upon its limited weaknesses. "It may just be an introductory phase, right?" Seaman points out. They're grabbing at low hanging fruit so far, without needing to go out and do anything really novel yet.
Nobody can yet say how big this botnet will become, or in what ways it'll change over time. For now, we can only prepare for what we know — that this is a very powerful tool, operating over known channels and exploiting known vulnerabilities.
"There's nothing that they're doing within the traffic that's circumventing security controls we've already put in place," notes Larry Cashdollar, the third author of the report. The exploits are old. There are no zero days. So, as it stands, the fundamental security principles for defending against this kind of threat — strong password policies, dutiful patching, and so on — are the same. They're still sufficient.
