{"id":11848,"date":"2024-10-08T22:16:39","date_gmt":"2024-10-08T16:46:39","guid":{"rendered":"https:\/\/reconcybersecurity.com\/blogs\/?p=11848"},"modified":"2024-10-08T22:17:28","modified_gmt":"2024-10-08T16:47:28","slug":"gorilla-botnet-new-ddos-threat-built-from-mirai-targeting-100-countries","status":"publish","type":"post","link":"https:\/\/reconcybersecurity.com\/blogs\/gorilla-botnet-new-ddos-threat-built-from-mirai-targeting-100-countries\/","title":{"rendered":"Gorilla Botnet: New DDoS Threat Built from Mirai Targeting 100+ Countries"},"content":{"rendered":"\n<p>Cybersecurity experts have discovered a new botnet called <strong>Gorilla<\/strong> (also known as GorillaBot), which is built from the leaked <strong>Mirai botnet<\/strong> source code. This botnet is creating significant disruptions around the world.<\/p>\n\n\n\n<p>According to cybersecurity firm <strong>NSFOCUS<\/strong>, the Gorilla botnet launched <strong>over 300,000 attack commands<\/strong> between September 4 and September 27, 2024. On average, <strong>20,000 commands per day<\/strong> were used to perform distributed denial-of-service (<strong>DDoS<\/strong>) attacks, with a high intensity of attacks aimed at over <strong>100 countries<\/strong>. The main targets include universities, government websites, telecom companies, banks, gaming platforms, and gambling sectors. <strong>China, the U.S., Canada, and Germany<\/strong> have been the most affected.<\/p>\n\n\n\n<p>The Gorilla botnet uses various techniques to launch DDoS attacks, such as <strong><a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/udp-flood-ddos-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">UDP flood<\/a>, <a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/syn-flood-ddos-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">SYN flood<\/a>, and <a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/what-is-an-ack-flood\/\" target=\"_blank\" rel=\"noopener\">ACK flood<\/a><\/strong> methods. 
These attacks generate large volumes of fake traffic that is hard for victims to manage. Because UDP is connectionless, attackers can spoof source IP addresses, which makes this type of attack especially dangerous.<\/p>\n\n\n\n<p>What makes Gorilla even more concerning is that it runs on multiple processor architectures, including <strong>ARM, MIPS, and x86<\/strong>. It also connects to one of five command-and-control (C2) servers to receive attack commands.<\/p>\n\n\n\n<p>In addition, Gorilla exploits a known security flaw in <strong>Apache Hadoop YARN RPC<\/strong>, which allows attackers to remotely control affected systems. This vulnerability has been abused since 2021, and Gorilla continues to take advantage of it.<\/p>\n\n\n\n<p>Once the malware infects a device, it creates a service file so that it runs automatically whenever the system starts. It also downloads and runs a malicious script from a remote server to maintain control over the device. Gorilla uses encryption techniques to avoid detection as well, making it more challenging for cybersecurity experts to combat.<\/p>\n\n\n\n<p>The rise of the Gorilla botnet is a reminder of the ever-growing threats in the digital world. Businesses, governments, and individuals need to remain vigilant against these emerging attacks.<\/p>\n\n\n\n<p><strong>Want to learn how to defend against such sophisticated cyber threats? 
Enroll in our comprehensive <a href=\"https:\/\/reconcybersecurity.com\/best-cyber-security-professional-diploma-course-in-delhi\/\" target=\"_blank\" rel=\"noreferrer noopener\">One-Year Cybersecurity Diploma<\/a>, where we cover real-world security risks and solutions!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"Cybersecurity experts have discovered a new botnet called Gorilla (also known as GorillaBot), which is built from the&hellip;\n","protected":false},"author":1,"featured_media":11849,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1,241,1083],"tags":[],"class_list":{"0":"post-11848","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uncategorized","8":"category-it-knowledge","9":"category-latest-news"},"_links":{"self":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/11848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/comments?post=11848"}],"version-history":[{"count":1,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/11848\/revisions"}],"predecessor-version":[{"id":11850,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/posts\/11848\/revisions\/11850"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/media\/11849"}],"wp:attachment":[{"href":"https:\/\/reconcybers
ecurity.com\/blogs\/wp-json\/wp\/v2\/media?parent=11848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/categories?post=11848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/reconcybersecurity.com\/blogs\/wp-json\/wp\/v2\/tags?post=11848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}