A dangerous new botnet is adding new ways to infect vulnerable endpoints almost every day, researchers say.
Several cybersecurity research teams identified a botnet called EnemyBot in March of this year, and it was first found to be abusing serious vulnerabilities in web servers, CMS platforms, Android smartphones and Internet of Things (IoT) devices.
Since then, researchers have been monitoring the botnet's development and have seen that its makers are rapidly adding newly discovered vulnerabilities to its list of attack vectors.
The latest report from AT&T Alien Labs states that 24 new vulnerabilities have been added, some of which do not yet have a CVE number, which makes them extremely dangerous.
DDoS attack
Among the flaws mentioned by BleepingComputer are those in VMware Workspace ONE Access and VMware Identity Manager, as well as multiple complex vulnerabilities in F5 BIG-IP.
Although the botnet's main goal is to launch distributed denial of service (DDoS) attacks, it also allows operators to create a reverse shell on the target device, bypassing firewalls and other defenses.
The team behind EnemyBot seems to be Keksec, a threat actor also known as Necro and FreakOut. The group is best known for operating the Tsunami DDoS malware, also dubbed "RUK" (not to be confused with the malware of the same name).
According to BleepingComputer, this seems to be an experienced group that has recently published the source code of the botnet.
To protect against a DDoS attack, companies are advised to patch their operating systems and software as soon as possible, install a firewall, monitor network traffic, and ensure that all devices are protected by an antivirus service.