A new botnet named HinataBot has emerged, targeting distributed-denial-of-service (DDoS) attacks, as reported by Akamai researchers in a recent blog post. The malware behind the botnet, Hinata, is based on the Go programming language and is named after a character from the anime series Naruto. The attackers have been active since at least December 2022, but they only began developing their own malware in mid-January 2023.
According to the researchers, the malware was found in HTTP and SSH honeypots abusing weak credentials and old remote code execution vulnerabilities. These attempts included the exploitation of the minigd SOAP service on Realtek SDK devices (CVE-2014-8361), Huawei HG532 routers (CVE-2017-17215), and exposed Hadoop YARN servers (CVE N/A).
When asked about the targeted attacks, Akamai security researcher Allen West stated that they have only observed attacks launched at themselves so far, but once the C2 is back up, they will get a clearer picture of the situation.
John Bambenek, principal threat hunter at Netenrich, commented on the situation, stating that the exploitation of a nearly 10-year-old vulnerability indicates that people often deploy services and forget about managing the infrastructure. Attackers continue to find resources and use them to further attacks on other organizations. DDoS protection services are important as DDoS botnets are growing, particularly in times of geopolitical and economic turmoil.
Mitigating this threat involves keeping all software and firmware up-to-date, implementing multi-factor authentication to prevent weak credentials, and monitoring all logs and network traffic to detect suspicious activities. Additionally, companies should consider deploying DDoS protection services and preparing an incident response plan to be ready in case of an attack.
In conclusion, it is essential to take proactive measures to defend against emerging botnets like HinataBot. Properly configured and maintained defenses can help reduce an organization's threat surface and protect against DDoS attacks.
0 Comments