Novel Cayosin botnet indicates Diicot’s DDoS ambitions

Romanian threat operation Diicot, which was initially discovered to be involved in cryptojacking, has been observed distributing the Cayosin botnet, suggesting the group is now capable of conducting distributed denial-of-service attacks, The Hacker News reports. Diicot has aimed the botnet, which resembles Mirai and Qbot, at routers running the OpenWrt operating system, according to a Cado Security report. "The use of Cayosin demonstrates Diicot's willingness to conduct a variety of attacks (not just cryptojacking) depending on the type of targets they encounter," said researchers. Aside from Cayosin, the threat group was also observed leveraging the Zmap-based Chrome internet scanner, the Update executable, and the History shell script to facilitate cryptominer deployment. "This campaign specifically targets SSH servers exposed to the internet with password authentication enabled. The username/password list they use is relatively limited and includes default and easily-guessed credential pairs," said researchers, who recommended the implementation of more robust SSH and firewall defenses.
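
As an added example (not from SC Media, The Hacker News or Cado Security), the following Python audit reports where an `sshd_config` still permits the password logins this campaign relies on. It assumes upstream OpenSSH defaults and first-value-wins keyword handling, does not follow `Include` files, and its function names and sample config are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults, which apply when a keyword is absent (assumption:
# the distribution has not changed them).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# Deprecated spelling of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_sshd_config(text):
    """Return (global_settings, match_blocks); the first value per keyword wins."""
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":  # later lines apply only to this Match block
            current = {}
            match_blocks.append((value, current))
            continue
        key = ALIASES.get(key, key)
        # setdefault keeps the first occurrence, mirroring sshd's behaviour
        current.setdefault(key, value.split()[0].lower() if value else "")
    return global_settings, match_blocks

def password_login_findings(text):
    """List (scope, keyword) pairs where password-style logins stay enabled."""
    global_settings, match_blocks = parse_sshd_config(text)
    findings = []
    for key, default in DEFAULTS.items():
        if global_settings.get(key, default) != "no":
            findings.append(("global", key))
        for criteria, settings in match_blocks:
            if settings.get(key) == "yes":  # a Match block re-enables it
                findings.append(("Match " + criteria, key))
    return findings

# Constructed sample: the later "no" is ignored because the first value wins.
SAMPLE = """\
PasswordAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
```

On a live host, `sshd -T` prints the effective configuration and remains the authoritative check.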
