Attacks with the CatDDoS malware botnet around the world have significantly ramped up, with the botnet's operators leveraging more than 80 known security vulnerabilities impacting numerous devices from Apache, Cisco, Huawei, Zyxel, and NETGEAR, among others, during the last quarter, according to The Hacker News.
The U.S., France, Germany, Brazil, and China were the leading targets of the intrusions, which have been aimed across cloud vendors, construction organizations, education entities, and other sectors, a report from the QiAnXin XLab team revealed.
Further analysis of the CatDDoS botnet showed its use of the ChaCha20 algorithm to encrypt command-and-control server communications — with key/nonce pairs shared with the VapeBot, hailBot, and Woodman distributed denial-of-service botnets — and an OpenNIC domain for concealed activity, said researchers, who noted that the malware continued to sprout new variants following its shutdown in December, after its source code was released on Telegram.
Such a development comes amid the discovery of the DNSBomb pulsing denial-of-service technique that exploits common DNS mechanisms to enable a 20,000x amplification factor.
"The attack strategy involves IP-spoofing multiple DNS queries to a domain controlled by the attacker, then withholding responses to aggregate multiple replies. DNSBomb aims to overwhelm victims with periodic bursts of amplified traffic that are challenging to detect," said researcher Xiang Li of Tsinghua University NISL Lab.