The novel Gorilla botnet, also known as GorillaBot, launched more than 300,000 distributed denial-of-service attacks against organizations in the telecommunications, banking, education, government, gaming, and gambling industries in more than 100 countries between September 4 and September 27, reports The Hacker News.
China, the U.S., Canada, and Germany were the countries most targeted by Gorilla, which is based on Mirai source code. The attacks used UDP flood, Valve Source Engine flood, ACK BYPASS flood, ACK flood, and SYN flood techniques, and also involved the exploitation of an old Apache Hadoop YARN RPC vulnerability, an analysis from NSFOCUS revealed. "[Gorilla] introduced various DDoS attack methods and used encryption algorithms commonly employed by the Keksec group to hide key information, while employing multiple techniques to maintain long-term control over IoT devices and cloud hosts, demonstrating a high level of counter-detection awareness as an emerging botnet family," said NSFOCUS researchers. However, cybersecurity researcher Fox_threatintel noted that the Gorilla botnet has been leveraged in attacks for more than a year.