GorillaBot Unleashes 300K Cyberattacks Globally

The Rise of GorillaBot: A New Mirai Variant Causing Chaos

In a recent surge of cyberattacks, a new Mirai variant known as GorillaBot has been wreaking havoc across the globe. According to reports, last month saw a staggering 300,000 Distributed Denial-of-Service (DDoS) attacks launched by GorillaBot, impacting approximately 20,000 organizations worldwide, with nearly 4,000 of them located in the United States.

The attacks orchestrated by GorillaBot have been particularly concerning, with 41% of the assaults aiming to flood target networks with User Datagram Protocol (UDP) packets, commonly associated with gaming and video streaming. Additionally, almost a quarter of the attacks utilized TCP ACK Bypass flood tactics, overwhelming targets with a plethora of spoofed TCP Acknowledgement (ACK) packets.
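The two flood types named above can be told apart on the defending side from flow records. The following is an added example, not code from NSFocus or from this article; the record layout, addresses and thresholds are constructed assumptions. It counts UDP packets per destination per second and flags ACK-only TCP packets that belong to no flow the monitor saw open with a SYN.

```python
from collections import defaultdict

def make_sample():
    """Constructed flow records: (second, proto, src, sport, dst, dport, tcp_flags)."""
    victim_a, victim_b = "203.0.113.10", "203.0.113.20"
    recs = [(0, "tcp", "198.51.100.7", 40000, victim_a, 443, "S")]       # real client SYN
    recs += [(1, "tcp", "198.51.100.7", 40000, victim_a, 443, "A")] * 3  # its in-state ACKs
    for i in range(200):   # ACKs from varied sources with no prior SYN
        recs.append((1, "tcp", f"192.0.2.{i % 250}", 1024 + i, victim_a, 443, "A"))
    for i in range(300):   # UDP burst at a game-server style port
        recs.append((2, "udp", f"192.0.2.{i % 250}", 2000 + i, victim_b, 27015, ""))
    recs.append((2, "udp", "198.51.100.9", 5353, "203.0.113.30", 53, ""))  # ordinary UDP
    return recs

def detect(records, ack_threshold=100, udp_threshold=200):
    """Return sorted (dst, second, label, count) for windows over threshold.

    Thresholds are illustrative assumptions; tune them to a measured baseline.
    """
    seen_syn = set()               # simplified state table: flows that opened with a SYN
    stray_ack = defaultdict(int)   # ACK-only packets outside any known flow
    udp = defaultdict(int)         # UDP packets per destination per second
    for sec, proto, src, sport, dst, dport, flags in records:
        if proto == "udp":
            udp[(dst, sec)] += 1
        elif proto == "tcp":
            flow = (src, sport, dst, dport)
            if "S" in flags:
                seen_syn.add(flow)
            elif flags == "A" and flow not in seen_syn:
                stray_ack[(dst, sec)] += 1
    alerts = [(d, s, "out-of-state-ack", n)
              for (d, s), n in stray_ack.items() if n >= ack_threshold]
    alerts += [(d, s, "udp-flood", n)
               for (d, s), n in udp.items() if n >= udp_threshold]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(make_sample()):
        print(alert)
```

A monitor that starts mid-session will see legitimate ACKs without their SYN, so the out-of-state count needs a warm-up period or a threshold well above normal background.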

Researchers at NSFocus, who have been closely monitoring GorillaBot, discovered that the threat actor behind the attacks has incorporated a range of DDoS methods into the Trojan, resulting in a total of 19 attack techniques. This expanded arsenal poses a significant challenge for organizations trying to defend against such multifaceted attacks.

The relentless nature of GorillaBot’s operations was evident in the utilization of five built-in command-and-control servers to incessantly issue attack commands, peaking at 20,000 commands in a single day. China bore the brunt of these assaults, followed by the US, Canada, and Germany, highlighting the global impact of this malicious activity.

As the prevalence of bad bots like GorillaBot continues to rise, cybersecurity experts are emphasizing the critical need for robust defenses against DDoS attacks in order to safeguard organizations from the disruptions and downtime such attacks cause.
