CatDDoS Botnet Exploits Over 80 Vulnerabilities in Major Software and Devices

May 29, 2024 | News





The CatDDoS malware botnet has exploited over 80 known security vulnerabilities across various software and hardware over the past three months, compromising vulnerable devices to conduct distributed denial-of-service (DDoS) attacks. The threat actors behind CatDDoS have targeted routers, networking gear, and other devices from vendors like Apache, Cisco, D-Link, Huawei, NETGEAR, TP-Link, and Zyxel, among others.

Vulnerability and Attack Details

CatDDoS-related gangs have leveraged a large number of known vulnerabilities to deliver malware samples, with up to 300+ targets observed per day. The vulnerabilities affect a wide range of devices and software, including Apache's ActiveMQ, Hadoop, Log4j, and RocketMQ, as well as Cacti, FreePBX, GitLab, Gocloud, Jenkins, Linksys, Metabase, Realtek, Seagate, SonicWall, Tenda, TOTOLINK, ZTE, and more.


Origin and Spread of CatDDoS

First observed in the wild in August 2023, CatDDoS is a Mirai botnet variant that can perform DDoS attacks using several methods, including UDP- and TCP-based floods. The botnet derives its name from cat-related references found in the malware's source code and command-and-control (C2) domain names. Most of the attack targets are located in China, followed by the U.S., Japan, Singapore, France, Canada, the U.K., Bulgaria, Germany, the Netherlands, and India.

Technical Specifics and Variants

CatDDoS uses the ChaCha20 algorithm to encrypt communications with its C2 server and employs an OpenNIC domain to evade detection, similar to the Fodcha botnet.


CatDDoS shares the same ChaCha20 key/nonce pair with other DDoS botnets such as hailBot, VapeBot, and Woodman. Although the original authors of CatDDoS shut down their operations in December 2023, the source code was sold or leaked, leading to new variants such as RebirthLTD, Komaru, and Cecilio Network.




Emerging Threat: DNSBomb Attack

In related news, researchers have disclosed a potent pulsing denial-of-service (PDoS) attack technique called DNSBomb (CVE-2024-33655), which abuses DNS queries and responses to achieve an amplification factor of 20,000x. DNSBomb relies only on legitimate DNS features to create high-volume bursts of traffic that overwhelm target systems. The attack combines IP spoofing with deliberately withheld responses, so that many replies are aggregated and released at once, which makes it difficult to detect.


Mitigations and Recommendations

To mitigate the risks posed by CatDDoS and similar threats, organizations should:

  1. Regularly Update Firmware and Software: Ensure all devices and software are updated to the latest versions to patch known vulnerabilities.
  2. Employ Strong Security Practices: Use firewalls, intrusion detection systems, and robust security configurations to protect network devices.
  3. Monitor Network Traffic: Implement logging and monitoring solutions to detect unusual traffic patterns and potential attacks.
  4. Educate and Train Staff: Ensure IT staff are aware of the latest threats and best practices for securing network infrastructure.


Source: thehackernews.com