Cybersecurity researchers from Fortinet recently observed a botnet called IZ1H9 adding a dozen new payloads. The botnet is based on Mirai, and targets routers from almost a dozen manufacturers, vulnerable to multiple flaws. The routers being targeted with new payloads include those built by D-Link, Netis, Sunhillo, Geutebruck, Yealink, Zyxel, TP-Link, Korenix, TOTOLINK, and possibly Prolink. The vulnerabilities the hackers are going for with these payloads date from 2015 to 2023.
Apparently, the exploitation rates peaked in early September 2023, reaching “tens of thousands” of attempts on vulnerable endpoints.
Adding more bots
DDoS attacks are a common tactic among cybercriminals, in which they disrupt internet-facing websites and services. They overwhelm the target servers by directing obscene amounts of traffic their way until they can no longer serve all of them and just crash. Although it might seem trivial, especially because the average DDoS attack lasts less than 10 minutes, the attacks can cause all sorts of damage to a company (especially financial damage) and could last agonizingly long.
DDoS attacks are often used in synergy with other forms of cyberattacks. In some cases, threat actors would disable the victim’s back-end with ransomware, and the front-end with DDoS. Then, they’d demand payment in cryptocurrency in exchange for both the decryption key for the data in the back-end, and for restoring the front-end.
To be able to overwhelm a server, a botnet needs many endpoints, or bots, to send countless data requests. That’s why botnets strive to compromise and assimilate as many devices as possible. Routers, connected TVs, smart home appliances, and everything else that connects to the internet, can be used. Recently, Google said it mitigated the largest DDoS attack ever recorded, peaking at almost 400 million requests per second.