DDoS attacks

TeamTNT mining botnet infected over 50,000 systems in three months

Trend Micro warns that since March 2021, the TeamTNT mining botnet from the same-named group has successfully compromised more than 50,000 systems. The TeamTNT group has been active since at least April 2020 and started with attacks on incorrectly configured Docker installations, infecting them with miners and bots for DDoS attacks. Then it became known that the hackers had slightly changed their tactics: they began to attack Kubernetes, and also began to search infected servers for Amazon Web Services credentials and steal them. In addition, there have now been recorded cases of hackers posting malicious images to the Docker Hub, and researchers have discovered that the group is using the Weave Scope tool in their attacks, designed to …


Akamai Says Powerful DDoS Attacks Are Becoming the Norm

According to Akamai’s calculations, powerful ransomware DDoS attacks are becoming the norm. Although they fall short of past records (recall last year’s 2.54 TB/sec attack or 1.35 TB/sec attack in 2018), it’s still a big problem. The fact is that three recent attacks are among the six largest DDoS attacks ever detected by Akamai. Experts explain that so many powerful DDoS attacks are actually becoming the new norm. For example, for three months in 2021, the company has already recorded more attacks with a capacity of over 50 Gbps than in all of 2019. The most notable attacks were at 800+ Gbps, 824 Gbps, and 812 Gbps. The last two occurred on the same day – February 24, and the company …


Attackers using DCCP protocol for DDoS attacks

Akamai has noticed that attackers are using the little-known DCCP network protocol (Datagram Congestion Control Protocol) for DDoS attacks. This internet standard was approved in 2007 and helps monitor network congestion for UDP-based communications. DCCP is especially effective for applications where data arriving at the wrong time becomes useless, for example streaming, online gaming, and Internet telephony. Although the protocol includes many features, Akamai reports that hackers abuse the three-way handshake that occurs at the start of a DCCP + UDP connection. Thus, attackers can send a stream of DCCP-Request packets to port 33 of the server (where the DCCP protocol works), thereby forcing the server to spend important resources on initiating multiple three-way handshakes that will not complete, and …


DTLS can amplify DDoS by 37 times

Netscout warns that use of the DTLS vector allows hackers to amplify DDoS attacks by 37 times. The researchers found that criminals are using a relatively new vector for amplifying DDoS attacks: the Datagram Transport Layer Security (DTLS) protocol, which provides connection security for protocols using datagrams. DTLS, like other UDP-based protocols, is susceptible to spoofing, which means it can be used as a DDoS amplification vector. That is, a hacker can send small DTLS packets to a DTLS-enabled device, and the response will be returned to the victim’s address in the form of a much larger packet. According to experts, earlier this vector of attack amplification was used only by advanced attackers, but now the use of DTLS has …


REvil spokesman boasts that hackers have access to ballistic missile launch systems

A REvil representative under the pseudonym Unknown claims that the hackers, partners in the use of malware, have access to ballistic missile launch systems. Cybercriminal group REvil operates on the RaaS (ransomware-as-a-service) business model, in which attackers offer malware to partners who use it to block devices and encrypt organizations’ data. A REvil spokesperson under the pseudonym Unknown explained why ransomware can be a devastating weapon in cyber warfare. According to Unknown, the cybercriminal group is trying to maintain political neutrality. Ransomware operators avoid attacks on organizations in the CIS countries, including Georgia and Ukraine, mainly because of geopolitics, local legislation, or patriotism of some members of the group. As Unknown noted, very poor countries do not pay the ransom, …
