The Massive Propagation of the Smominru Botnet

Posted by Telegram SmartBoT (@tgsmartbot)

        #News(Security) [ via IoTGroup ]


        Headings:
        The Massive Propagation of the Smominru Botnet
        Scope and Victims
        Victims Analysis and Statistics
        Attack Flow
        Eliminating Other Malicious Actors
        Binary Payloads
        Attack Infrastructure and Backend
        Detection
        Mitigation
        IoCs

        Auto-extracted text:

        Guardicore Labs gained access to one of the attackers’ core servers – one which stores victim information and credentials.
        Monitoring the server’s contents over time enabled us to study infection patterns and draw conclusions about the extent of the campaign.
        Guardicore Labs has informed identifiable victims and provided them with the details of their infected machines.
        The attackers’ logs describe each infected host: its external and internal IP addresses, the operating system it runs and even the load on the system’s CPU(s).
        Guardicore Labs decided to take a closer look at the nature of the victims to better understand who is in the crosshairs of Smominru’s (and similar groups’) attacks.
        During August, the Smominru botnet infected 90,000 machines around the world, with an infection rate of 4,700 machines per day.
        Countries with several thousands of infected machines include China, Taiwan, Russia, Brazil and the US.
        [Figure caption: Darker colors represent more infected countries.]
        Infected networks include US-based higher-education institutions, medical firms and even cyber security companies.
        As the attacks were untargeted and did not discriminate against industries or targets, they reached victims in various sectors.
        When discussing worms, there are no interesting and uninteresting targets – every vulnerable server is under attack.
        Once it gains a foothold, Smominru attempts to move laterally and infect as many machines as possible inside the organization.
        Within one month, more than 4,900 networks were infected by the worm.
        Many of these networks had dozens of internal machines infected.
        The largest network belongs to a healthcare provider in Italy with a total of 65 infected hosts.
        [Figure caption: Number of infected hosts per network]
        Not surprisingly, Windows 7 and Windows Server 2008 are the most infected operating systems, representing 85 percent of all infections.
        Other victim operating systems include Windows Server 2012, Windows XP and Windows Server 2003.


        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019
