New Gorilla Botnet Launches Widespread DDoS Attacks Across Over 100 Countries
A significant cybersecurity threat has emerged with the introduction of the Gorilla Botnet, which is executing extensive distributed denial-of-service (DDoS) attacks targeting more than 300,000 systems globally. According to cybersecurity firm NSFOCUS, this botnet, operational since September 2024, is leveraging advanced methodologies inspired by the notorious Mirai botnet to proliferate its attacks across over 100 nations.
The Gorilla Botnet operates using a network of compromised Internet of Things (IoT) devices, effectively transforming them into a coordinated attack force. This botnet specifically aims at disrupting access to critical infrastructure, including universities, governmental entities, financial institutions, and gaming platforms, resulting in significant operational challenges for many organizations.
What distinguishes the Gorilla Botnet is its sophisticated use of encryption, which conceals crucial operational data and allows for enduring control over infected devices. The botnet is compatible with various CPU architectures, broadening its reach to encompass a wide range of devices. Additionally, its decentralized command and control (C&C) model enables it to utilize diverse attack strategies such as UDP Flood, ACK Bypass Flood, and VSE Flood. By using connectionless protocols like UDP, the botnet can effortlessly spoof its IP origin, making it harder to trace.
Since its detection, the Gorilla Botnet has exhibited a staggering operational tempo, issuing an average of 20,000 attack commands daily. The aggressive targeting includes economically significant countries such as China, Canada, Germany, and the United States. The scale and frequency of these assaults point to an operation that not only desires disruption but is also sophisticated enough to evade conventional detection measures.
In terms of adversarial tactics, the Gorilla Botnet aligns with several techniques outlined in the MITRE ATT&CK framework. The botnet likely employs tactics such as initial access through device exploitation and persistence via the utilization of vulnerabilities like the Apache Hadoop YARN RPC flaw. Additionally, the botnet’s method of ensuring automatic execution of services at system startup exemplifies its focus on maintaining a foothold within compromised environments.
As organizations grapple with this escalating threat, they must bolster their cybersecurity defenses. Implementing robust firewalls can help block suspicious traffic, while intrusion detection systems play a crucial role in identifying anomalous activity in real-time. Furthermore, organizations are encouraged to invest in cloud-based DDoS mitigation solutions to safeguard against high-capacity attacks and minimize potential operational downtime.
With the Gorilla Botnet’s relentless onslaught and evolving capabilities, business leaders must remain vigilant and proactive in their cybersecurity strategies. The landscape of threats continues to evolve, and adapting swiftly to these changes is imperative for protecting sensitive information and ensuring operational integrity in increasingly interconnected environments.
