October 16, 2019 at 8:31 am #36304
#News(Security) [ via IoTGroup ]
Headings…
The Massive Propagation of the Smominru Botnet
Scope and Victims
Victims Analysis and Statistics
Attack Flow
Eliminating Other Malicious Actors
Binary Payloads
Attack Infrastructure and Backend
Detection
Mitigation
IoCs
Auto extracted Text…
Guardicore Labs gained access to one of the attackers’ core servers – one which stores victim information and credentials.
Monitoring the server’s contents over time enabled us to study infection patterns and draw conclusions about the extent of the campaign.
Guardicore Labs has informed identifiable victims and provided them with the details of their infected machines.
The attackers’ logs describe each infected host: its external and internal IP addresses, the operating system it runs and even the load on the system’s CPU(s).
Guardicore Labs decided to take a closer look at the nature of the victims to better understand who is in the crosshairs of Smominru’s (and similar groups’) attacks.
During August, the Smominru botnet infected 90,000 machines around the world, with an infection rate of 4,700 machines per day.
Countries with several thousands of infected machines include China, Taiwan, Russia, Brazil and the US.
Darker colors represent more infected countries.
Infected networks include US-based higher-education institutions, medical firms and even cyber security companies.
As the attacks were untargeted and did not discriminate against industries or targets, they reached victims in various sectors.
When discussing worms, there are no interesting and uninteresting targets – every vulnerable server is under attack.
Once it gains a foothold, Smominru attempts to move laterally and infect as many machines as possible inside the organization.
Within one month, more than 4,900 networks were infected by the worm.
Many of these networks had dozens of internal machines infected.
The largest network belongs to a healthcare provider in Italy with a total of 65 infected hosts.
Number of infected hosts per network
Not surprisingly, Windows 7 and Windows Server 2008 are the most infected operating systems, representing 85 percent of all infections.
Other victim operating systems include Windows Server 2012, Windows XP and Windows Server 2003.
Read More…
AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019