Daily Perk 1/22/21

Windows RDP servers being used to amplify DDoS attacks

There were warnings last year to expect the trend in the size of DDoS attacks to continue in 2021. Per Catalin Cimpanu in ZDNet:

“Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to bounce and amplify junk traffic as part of DDoS attacks, security firm Nui said in an alert on Tuesday.”

Researchers say SQL server malware tied to Iranian Software Firm

MrbMiner was discovered last year, in September 2020, uninvited on thousands of SQL servers. While researchers don’t know quite how it got on there, they are looking at a couple of recent botnets, Lemon_Duck and MyKings, which represent the new gen in botnet attacks. Think internet-facing, unpatched vulns. Of note in these MrbMiner attacks, though, is that the attackers don’t conceal their identity. Given the slew of sanctions Iran is under, it’s safe to say they no longer give a f*ck. They’ll take the money and run. Not unlike another heavily sanctioned nation state we know 😉
