Open knowledge base details botnet threats

July 02, 2020 //By Rich Pell
Botnet encyclopedia launched to fight cybercrime
Data center and cloud security company Guardicore Labs has launched an open knowledge base of persistent botnet threats that provides a continuously updated universal knowledge base of past and present botnet campaigns researched by the Labs team.

The Botnet Encyclopedia, says the company, showcases the greatest threats to enterprise security - many of which are previously unknown to the cybersecurity community - in a single, open location. It is powered by the Guardicore Global Sensors Network (GGSN) - a network of detection sensors deployed in data centers and cloud environments around the world, capable of capturing and recording complete attack flows to the highest resolution.

The encyclopedia is designed to allow security teams, IT teams, researchers and the cybersecurity community at large to better understand and protect themselves from persistent and advanced threats, identified as campaigns. One of the first Botnet Encyclopedia campaign entries is FritzFrog, a mass-scale attack campaign active since January 2020 in which a sophisticated Golang binary is deployed on brute-forced Secure Shell (SSH) servers.

The company's research identifies FritzFrog as a highly concerning peer-to-peer botnet with no centralized infrastructure; control is instead distributed among its nodes. Its discovery as a decentralized worm, says the company, makes it particularly unusual and dangerous. In addition, the research team identified racist terminology hard coded in the malware.
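FritzFrog's initial access, as described above, is password brute-forcing of exposed SSH servers. The following is an added example, not Guardicore's code or part of the encyclopedia, showing how a defender might detect such a burst of failed logins followed by a successful password login from the same source in sshd logs; the log lines, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines for illustration (not from the article); year is assumed.
SAMPLE_LOG = """\
Jun 30 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jun 30 10:00:02 host sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Jun 30 10:00:03 host sshd[2003]: Failed password for root from 203.0.113.7 port 40124 ssh2
Jun 30 10:00:04 host sshd[2004]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jun 30 10:00:05 host sshd[2005]: Failed password for ubuntu from 203.0.113.7 port 40126 ssh2
Jun 30 10:00:09 host sshd[2006]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Jun 30 10:05:00 host sshd[2101]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Jun 30 10:05:20 host sshd[2102]: Accepted publickey for alice from 198.51.100.4 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse(lines, year=2020):
    """Parse sshd auth lines into (timestamp, ip, user, result, method) tuples."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"], m["method"]))
    return events

def find_bruteforce(lines, threshold=5, window_s=60):
    """Return {ip: info} for sources with >= threshold failures inside window_s
    seconds; 'compromised' is set if a password login from that IP later succeeds."""
    fails = defaultdict(list)
    hits = {}
    for ts, ip, user, result, method in parse(lines):
        if result == "Failed":
            fails[ip].append(ts)
            recent = [t for t in fails[ip] if (ts - t).total_seconds() <= window_s]
            if len(recent) >= threshold:
                hits.setdefault(ip, {"failures": 0, "compromised": False})
                hits[ip]["failures"] = len(fails[ip])
        elif result == "Accepted" and method == "password" and ip in hits:
            hits[ip]["compromised"] = True  # success right after a burst of failures
    return hits
```

A single failure followed by a key-based login (the second source above) is not flagged, which keeps ordinary user typos out of the alert.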

"FritzFrog is the type of threat that must be recognized as a campaign due to its operational longevity and the danger it presents, particularly as a previously unknown threat," says Ophir Harpaz, security researcher, Guardicore. "It's our mission to bring these campaigns to light on a rolling basis and provide a level of context unavailable in any other public knowledge base in order to equip the cybersecurity community with the required information to defend itself and mitigate risk."

Botnets can be found within the encyclopedia using free-text search, allowing users to search all entries using any type of indicator of compromise (IOC) - IP addresses, domains, file names, names of services and scheduled tasks, and more. Extending beyond common cyber threat intelligence feeds and services, the Botnet Encyclopedia contextualizes advanced threats with tiered analysis including:
