Akamai warns of new HinataBot malware botnet capable of massive DDoS attacks

by | Mar 20, 2023 | News

malware botnet HinataBot DDoS

Post Views: 400

Premium Content

Patreon
Subscribe to Patreon to watch this episode.
Reading Time: 3 Minutes

HinataBot targets

Akamai researchers recently discovered a new malware botnet known as HinataBot that targets Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into a distributed denial of service (DDoS) swarm. The botnet exploits old flaws such as CVE-2014-8361 and CVE-2017-17215 and was first detected in mid-January 2023. HinataBot seems to be based on Mirai and is a Go-based variant of the notorious malware strain. Akamai’s researchers captured multiple samples from active campaigns as recently as March 2023 and deduced that the malware is under active development, featuring functional improvements and anti-analysis additions.

HinataBot is distributed by brute-forcing Secure Shell (SSH) endpoints or using infection scripts and Remote Code Execution (RCE) payloads for known vulnerabilities. After infecting devices, the malware remains silent, waiting for commands to execute from the command and control server. Even though the newer variants only feature HTTP and User Datagram Protocol (UDP) flood attacks, the botnet can potentially perform powerful DDoS attacks. Older versions of HinataBot supported HTTP, UDP, Internet Control Message Protocol (ICMP), and Transmission Control Protocol (TCP) floods.

See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses

3.3 Tbps DDoS attacks

Akamai researchers benchmarked the botnet in 10-second attacks for both HTTP and UDP. In the HTTP attack, the malware generated 20,430 requests for a total size of 3.4 MB. The UDP flood generated 6,733 packages totaling 421 MB of data. The researchers estimated that with 1,000 nodes, the UDP flood could generate roughly 336 Gbps, while at 10,000 nodes, the attack data volume would reach 3.3 Tbps. In the case of the HTTP flood, 1,000 ensnared devices would generate 2,000,000 requests per second, while 10,000 nodes would take that number of 20,400,000 requests per second and 27 Gbps.

UDP flood packet capture

UDP flood packet capture (Akamai)

Trending: A primer on OS Command Injection Attacks

Trending: Offensive Security Tool: Bypass Url Parser

HinataBot might implement more exploits while widening its scope

Akamai’s analysts created a Command and Control (C2) server of their own and interacted with simulated infections to stage HinataBot for DDoS attacks to observe the malware in action and infer its attack capabilities. Although HinataBot is still in development and might implement more exploits and widen its targeting scope anytime, the fact that its development is so active increases the likelihood of seeing more potent versions circulating in the wild soon. “Let’s hope that the HinataBot authors move onto new hobbies before we have to deal with their botnet at any real scale,” warns Akamai.

Trending: Kali Linux 2023.1 – Adds Kali Purple for defensive security, python updates, new tools

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This