Sixteen Ddos attacks occur every minute of the world. Analysts note that in 2019 this number increased by 87%. As a result of research, Bitdefender’s anti-virus software developers reported the discovery of the most powerful botnet in history; capable of taking control of thousands of devices from different manufacturers around the world.
What is botnet?
A botnet, short for “robot network”, is a collection of internet-connected computers infected by malware that allow hackers to control them.
How can be used?
Cyber criminals use botnets to initiate botnet attacks, which include malicious activities such as credentials leaks, unauthorized access, data theft and DDoS attacks. In order to breach the security of several users’ computers.
What is DDos Attack?
Distributed denial-of-service attacks that take websites and other online services offline by flooding the bandwidth or resources of a targeted system using traffic.
What is dark_nexus?
dark_nexus is an IoT botnet spotted on the landscape. Its primary purpose is to perform distributed denial-of-service attacks.
Most of its victims are gadgets of the Internet of Things (Iot). The unique ability of dark_nexus is to combine the most advanced features of dozens of popular botnets. In three months of observation, the creators of the program made at least 30 updates, expanding botnet capabilities and attacking skills. Currently, dark_nexus can affect 1,372 different types of devices, from routers to surveillance cameras.
The source code of dark_nexus is based on heavily modified malware Qbot and Mirai. However, unlike its predecessors, it is much more efficient, powerful, and reliable. The program is able to hack systems by either overriding simple passwords or using known vulnerabilities. dark_nexus attacks a wide range of electronics thanks to the support of many chips from a variety of manufacturers.
«Storming» gadget, botnet sends a command «refusal of service» masquerading as safe traffic. It overloads the channel, causing its processes to be listed in a white list. To do so, it uses a rating system, assigning itself a high level of reliability, while lowering or deactivating processes that may harm it. For example, dark_nexus blocks the possibility of reboot, which leads to the removal of botnets.
The Greek Helios, what is it and where does it come from?
In one of the early versions of the botnet, the line «@ greek.helios» was found. The Bitdefender experts were able to link the name to an unknown individual who sold malware to Iot bot networks and Ddos via a personal Youtube channel. The most active botnet is in China, 653 compromised nodes. The list of affected countries includes South Korea (261 cases), Thailand (172), Brazil (151), Russia (148), USA (68). Experts believe that dark_nexus will continue to grow in the near future.
