Two new botnets joined the fray in conducting DDoS attacks

April 21, 2022
Botnets DDoS Cyberattacks Enemybot Fodcha Vulnerability Exploit IoT Devices

The Enemybot and the Fodcha botnets have been trying to compromise numerous targets globally by abusing multiple flaws in routers, modems, and Internet of Things (IoT) devices. These two newly discovered botnets can perform distributed denial-of-service attacks on any location.

Enemybot and Fodcha are the newest addition to the long lists of botnets that will try to inflict damage to many users so they can earn monetary profit and execute malicious activities. Experts claim that these two botnets are just the tip of the iceberg, which implies that there are more to come soon.

 

Fodcha and Enemybot botnets exploit several vulnerabilities, respectively.

 

The Fodcha botnet has been eyeing servers, DVRs, and routers to infect over a hundred victims per day in distributed denial-of-service campaigns. Additionally, it has already spread to more than 60,000 devices with unique IP addresses between the end of March to the first week of April.

Unfortunately, the daily running bots under its command average from about 10,000 to over 50,000 devices. Most of the bots controlled by the Fodcha botnet are spotted using the services owned by China Unicom and China Telecom.

The devices and critical flaws prioritised by Fodcha include ZHONE, CVE-2021-35394, TOTOLINK routers, MVPower DVR CVE-2021-22205, Android ADB Debug Server RCE, and LILIN DVR.

On the other hand, Enemybot has increased its spree of infected devices by utilising clever techniques. Its initial transmission vector is dropping a message in a file claiming that it is affiliated with the Keksec group.

This Mirai-based botnet includes a string of elusive strategies while its command-and-control server obfuscates itself behind Tor nodes. Therefore, it is tough for researchers to control and identify its movements.

This botnet attempts to abuse several vulnerabilities such as CVE-2022-27226, CVE-2018-10823, CVE-2017-18368, CVE-2022-25075, CVE-2018-20062, CVE-2020-17456, and CVE-2016-6277.

These recent botnet attacks indicate the severe problem of unpatched and outdated devices and services in a network. The most effective and standard method to hinder or avoid such attacks is updating any abusable flaws in routers or other IoT devices.

Users can also conduct a manual hard reset and change the password of the compromised machine.

About the author

Leave a Reply