New HinataBot Malware Used to Launch DDoS Attacks
A new kind of botnet malware, known as HinataBot, is being used to launch DDoS attacks. The botnet may have the ability to launch DDoS attacks of 3.3 Tbps in size.
A New Botnet Malware Poses a Huge Risk
Various organizations have been targeted via distributed denial of service (DDoS) attacks by HinataBot, a new botnet malware. The malware is based on the Go programming language, and seems to be inspired by the Mirai botnet.
HinataBot was discovered by Akamai, a cybersecurity and cloud service company, by its Security Intelligence Response Team (SIRT). In an Akamai blog post, it was written that HinataBot “was seen being distributed during the first three months of 2023 and is actively being updated by the authors/operators.”
Akamai also stated that the HinataBot malware “was discovered in HTTP and SSH honeypots abusing old vulnerabilities and weak credentials.” These vulnerabilities include CVE-2017-17215 and CVE-2014-8361.
HinataBot May Be Used to Launch 3.3 Tbps DDoS Attacks
Numerous entities have been targeted by HinataBot in order to create zombie devices, including Hadoop YARN servers, Realtek SDK’s miniigd SOAP service, and Huawei routers. But what’s particularly concerning here is HinataBot’s potential DDoS power.
By using its 10-second sample sets, Akamai was able to determine that “with 10,000 nodes (roughly 6.9% of the size of Mirai at its peak), the UDP flood would weigh in at more than 3.3 Tbps” using HinataBot. Akamai also stated that “the HTTP flood at 1,000 nodes would generate roughly 2.7 Gbps and more than 2 Mrps,” and, at 10,000 nodes, these numbers “jump to 27 Gbps delivering 20.4 Mrps.”
This size of DDoS attack could cause a lot of damage, as it has the ability to overwhelm targets with an extremely large volume of traffic.
Older Techniques Are Being Used to Launch New Attacks
In the aforementioned blog post, Akamai observed that, by using older methods, attackers can “focus more on curating pieces that evade detection, continuously evolve, and add new functionality.” In other words, malicious actors are relying on proven methods so that they have more time to heighten the sophistication of their attacks.
Akamai also concluded that these HinataBot attacks stand as “yet another example of why strong password and patching policies are more critical than ever.”
Botnets Continue to Be Effective Attack Vectors
There’s no doubt that botnets pose a huge risk to online platforms. This form of malware gives malicious actors the ability to launch large-scale attacks, often on well-known organizations. There’s no telling how HinataBot will be used next, but its capabilities are certainly a concern.