Threat Management, Risk Assessments/Management

Novel hybrid Enemybot malware prompts DDoS attacks

Numerous Internet of Things devices, routers, and server architectures are being targeted by the new Enemybot distributed denial-of-service botnet, which contains modules from the Mirai and Gafgyt botnets' source codes, ZDNet reports. Researchers from FortiGuard Labs have determined that the Keksec threat group has been operating Enemybot, which has been aimed at launching attacks against routers from D-Link, Netgear, Zhone, iRZ, and Seowon Tech, as well as misconfigured Android devices. Keksec has also used Enemybot to target server and desktop systems running on arm and arm64, BSD, and Darwin. "This mix of exploits targeting web servers and applications beyond the usual IoT devices, coupled with the wide range of supported architectures, might be a sign of Keksec testing the viability of expanding the botnet beyond low-resource IoT devices for more than just DDoS attacks," said researchers. More versions of Enemybot, which is still under development, are expected soon, they added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.