A brand new botnet has emerged and was spotted on April 16th, yet details have only been made public earlier today. It appears the person behind this new threat scanned for vulnerable IOT devices on port 81. When this unusual amount of port 81 traffic was first discovered, security researchers were a bit unsure as to what they should expect. It quickly became apparent someone was deliberately conducting online scans for vulnerable devices, though.
On April 23rd, this new botnet successfully launched its first DDoS attack, which was directed at a Russian bank. That is quite interesting, considering the command-and-control server is hosted on Iranian internet domains. This further validated the concerns this was not a new variant of Mirai by any means. The new botnet attacks on different UDP ports, and it has a completely different attack module. It appears just over 43,200 devices are part of this botnet so far, although that number is expected to increase over the coming weeks.
Last year, at least five major banks in Russia have been hit with a series of cyberattacks made possible by a malicious botnet consisting of roughly 24,000 computer systems and Internet of Things (IoT) devices from 30 different countries, a security firm has said.
Sberbank, Russia’s largest state-controlled bank, alongside with four other financial intuitions, reportedly suffering a barrage of distributed-denial-of-service (DDoS) traffic starting on 8 November. The firms maintain that no customer funds were compromised in the attacks.
This was a follow up an only most recent example occurred on 21 October after a botnet – called Mirai – was deployed against the servers of Dyn, a major DNS provider. As a result of this attack, many big-brand websites including Twitter, Reddit and Netflix were taken offline or disrupted in the US for several hours.