Cybersecurity researchers from Akamai have discovered a new botnet that is reportedly capable of launching 3.3 Tbps Distributed Denial of Service (DDoS) attacks.
The researchers’ honeypots picked up the new botnet as the malware tried to exploit old vulnerabilities such as CVE-2014-8361 and CVE-2017-17215 to increase the number of bots.
These two flaws are affecting Realtek SDS, Huawei routers, and Hadoop YARN servers, it was said. The attackers would use either brute force, or infection scripts and RCE payloads, to target these devices with malware.
Scaling the threat
The malware itself is based on another infamous botnet called Mirai. It’s called HinataBot, and it’s written in Go. Apparently, it’s being actively developed, with newer versions sporting extra features, such as functional improvements and anti-analysis. Older versions supported HTTP, UDP, ICMP, and TCP floods, the researchers said, but the newer ones only support HTTP and UDP.
Still, that is enough for some seriously devastating power. Akamai’s benchmark showed the malware being able to generate more than 20,000 requests, reaching 3.4MB. With roughly a thousand nodes, the attack data volume could hit 3.3 Tbps, they concluded.
The worst part is - new features are likely to be introduced soon, making the botnet even more powerful and more destructive.
"These theorized capabilities obviously don't take into account the different kinds of servers that would be participating, their respective bandwidth and hardware capabilities, etc., but you get the picture," Akamai concluded.
Despite its potential power, it seems as if the operators are yet to launch a major cyberattack using HinataBot. Akamai says the attack was still not seen as “real scale”:
“This is likely just the beginning for HinataBot Let's hope that the HinataBot authors move onto new hobbies before we have to deal with their botnet at any real scale."
- Check out the best endpoint protection software around