CatDDoS-Related Gangs Ramp Up Attacks Exploiting Over 80 Vulnerabilities

A recent report from XLab’s Cyber Threat Insight Analysis (CTIA) system paints a concerning picture of the ever-evolving threat landscape. CatDDoS-related botnets, a family of malware strains derived from the infamous Mirai botnet, are experiencing a resurgence in activity, exploiting over 80 vulnerabilities in the last three months alone. These attacks have impacted a wide range of targets, with daily counts exceeding 300.

Vulnerabilities Under Siege

CatDDoS-related gangs have leveraged a wide array of vulnerabilities across multiple vendor devices. These include, but are not limited to, security flaws in products from Apache, Cisco, D-Link, Huawei, Jenkins, and TP-Link. The exploitation of these vulnerabilities enables the deployment of DDoS attack samples, creating a vast network of compromised devices.

Image: XLab

Global Reach, Diverse Targets

CatDDoS-related botnets are casting a wide net, targeting victims across the globe. The primary focus appears to be on the United States, France, Germany, Brazil, and China, spanning various industries such as cloud services, education, research, and government.

Evolution and Adaptability

CatDDoS first emerged in 2023, and despite a reported shutdown in December 2023, it has spawned numerous variants like RebirthLTD, Komaru, and Cecilio Network. This illustrates the resilience and adaptability of these botnets, as well as the challenges in combating their ever-changing tactics.

The Dark Side of Template Sharing and “Cannibalism”

The report also delves into the intriguing phenomenon of “template sharing” among threat actors, where different groups utilize the same malware source code with minor modifications. This practice, coupled with the observed “cannibalism” of attacking competing botnet infrastructures, provides a glimpse into the complex and competitive dynamics of the cybercriminal underworld.

Undisclosed Variant: v-snow_slide

XLab’s research uncovered a previously undisclosed CatDDoS variant named v-snow_slide. This variant exhibits striking similarities to the Fodcha botnet, raising questions about potential connections and the resurgence of old threats.

Recommendations for Mitigation

In light of this escalating threat, organizations and individuals are urged to take proactive measures to protect themselves:

• Patch and Update: Keep all software and firmware updated with the latest security patches to mitigate known vulnerabilities.
• Strong Passwords: Enforce strong, unique passwords and implement multi-factor authentication wherever possible.
• Network Monitoring: Monitor network traffic for suspicious activity and deploy intrusion detection and prevention systems.
• Security Awareness Training: Educate users about the risks of phishing and social engineering attacks, which are often used to deliver malware payloads.