
Windows RDP servers being used to amplify DDoS attacks
Warnings last year said to expect the trend in DDoS attack size to continue in 2021. Per Catalin Cimpanu in ZDNet:
“Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Nui said in an alert on Tuesday.”
Researchers say SQL server malware tied to Iranian Software Firm
MrbMiner was discovered last year, in September 2020, uninvited on thousands of SQL servers. While researchers don’t know quite how it got on there, they are looking at a couple of recent botnets, Lemon_Duck and MyKings, which represent the new gen in botnet attacks. The pattern is Internet-facing systems with unpatched vulns, but of note in these MrbMiner attacks is that the attackers don’t conceal their identity. Given the slew of sanctions Iran is under, it’s safe to say they no longer give a f*ck. They’ll take the money and run. Not unlike another heavily sanctioned nation state we know 😉