The email's RAR attachment contains an EXE file: the first-stage malware, which downloads the second stage. The stolen data is exfiltrated via SMTP.
Cloudflare mitigated what may be the most powerful HTTP DDoS attack recorded so far: 17.2 million rps. The attack was launched by more than 20,000 Mirai bots in 125 countries, many of them in Indonesia, India and Brazil.
A huge DDoS attack, possibly the most powerful seen to date, has been mitigated by Cloudflare. Researchers report a peak of 17.2 million requests per second (rps) against a customer in the financial industry. The attack was launched by a Mirai botnet, and the traffic originated from more than 20,000 bots in 125 countries. Based on the bots' source IP addresses, almost 15% of the attack traffic originated from Indonesia and another 17% from India and Brazil combined, indicating that many malware-infected devices sit in those countries. Mirai spreads by infecting Linux-based IoT devices such as security cameras and routers. It then self-propagates by scanning for open Telnet ports (TCP 23 and 2323) and, once it finds one, attempts to log in by brute forcing known credentials such as factory-default usernames and passwords. Later variants also took advantage of zero-day exploits in routers and other devices.
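The propagation behaviour described above is what defenders can look for on their own networks: a freshly infected camera or router starts connecting to many distinct addresses on TCP 23 and 2323 within seconds. The following detector is an added example, not code from Cloudflare or from the original article. It runs over a constructed, simplified flow-log format (`epoch_seconds src_ip src_port dst_ip dst_port proto`); the thresholds (8 distinct Telnet targets within 60 seconds) are assumptions to be tuned against local baselines, and the parser would need adapting for Zeek conn.log, NetFlow or firewall exports.

```python
"""Flag hosts showing Mirai-style Telnet scanning in flow logs (added example).

Mirai scans for open TCP/23 and TCP/2323 and then brute forces default
credentials, so an infected device contacts many distinct destinations on
those ports in a short time. That pattern is visible in flow/connection logs
before any login attempt succeeds.

Log format is constructed for this example:
    epoch_seconds src_ip src_port dst_ip dst_port proto
"""
from collections import defaultdict, deque

TELNET_PORTS = {23, 2323}

# Constructed sample flows: 192.168.1.50 scans ten hosts in 18 seconds,
# 192.168.1.10 talks Telnet to a single switch (benign admin traffic),
# 192.168.1.77 touches five Telnet targets spread over eight minutes.
SAMPLE_FLOWS = """
1692000000 192.168.1.50 41000 203.0.113.1 23 tcp
1692000002 192.168.1.50 41001 203.0.113.2 23 tcp
1692000004 192.168.1.50 41002 203.0.113.3 2323 tcp
1692000006 192.168.1.50 41003 203.0.113.4 23 tcp
1692000008 192.168.1.50 41004 203.0.113.5 23 tcp
1692000010 192.168.1.50 41005 203.0.113.6 2323 tcp
1692000012 192.168.1.50 41006 203.0.113.7 23 tcp
1692000014 192.168.1.50 41007 203.0.113.8 23 tcp
1692000016 192.168.1.50 41008 203.0.113.9 23 tcp
1692000018 192.168.1.50 41009 203.0.113.10 2323 tcp
1692000003 192.168.1.50 41010 203.0.113.11 53 udp
1692000001 192.168.1.10 50000 192.168.1.1 23 tcp
1692000005 192.168.1.10 50001 192.168.1.1 23 tcp
1692000007 192.168.1.10 50002 198.51.100.7 443 tcp
1692000000 192.168.1.77 45000 198.51.100.20 23 tcp
1692000120 192.168.1.77 45001 198.51.100.21 23 tcp
1692000240 192.168.1.77 45002 198.51.100.22 23 tcp
1692000360 192.168.1.77 45003 198.51.100.23 23 tcp
1692000480 192.168.1.77 45004 198.51.100.24 23 tcp
garbage line
"""


def parse_flow(line):
    """Parse one flow record into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, proto = parts
    try:
        return {"ts": float(ts), "src": src, "dst": dst,
                "dport": int(dport), "proto": proto.lower()}
    except ValueError:
        return None


def detect_telnet_scanners(lines, min_targets=8, window=60.0):
    """Return {src_ip: peak_distinct_targets} for sources that contacted at
    least `min_targets` distinct destinations on Telnet ports within any
    sliding window of `window` seconds. Thresholds are assumed defaults.
    """
    windows = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    peaks = {}
    flows = [f for f in (parse_flow(l) for l in lines) if f]
    flows.sort(key=lambda f: f["ts"])  # events must be processed in time order
    for f in flows:
        if f["proto"] != "tcp" or f["dport"] not in TELNET_PORTS:
            continue
        q = windows[f["src"]]
        q.append((f["ts"], f["dst"]))
        while q and f["ts"] - q[0][0] > window:   # expire old events
            q.popleft()
        distinct = len({dst for _, dst in q})
        if distinct >= min_targets:
            peaks[f["src"]] = max(peaks.get(f["src"], 0), distinct)
    return peaks


def scan_sample():
    """Run the detector over the constructed sample with default thresholds."""
    return detect_telnet_scanners(SAMPLE_FLOWS.strip().splitlines())


if __name__ == "__main__":
    for src, n in scan_sample().items():
        print(f"possible Mirai-style Telnet scanner: {src} ({n} targets)")
```

Only the burst scanner trips the default thresholds; the slow host 192.168.1.77 is invisible at a 60-second window and only appears if the window is widened, which is the usual trade-off between catching slow scans and drowning in alerts from legitimate Telnet administration.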