Automated Mirai, Mozi, and Gafgyt botnet intrusions have significantly increased, mostly impacting PHP servers due to their utilization of Craft CMS, WordPress, and other content management systems, according to The Hacker News.

Botnet attacks aimed at PHP servers involved the exploitation of PHPUnit, Laravel, and ThinkPHP Framework remote code execution flaws, tracked as CVE-2017-9841, CVE-2021-3129, and CVE-2022-47945, respectively, a Qualys Threat Research Unit report showed. Threat actors have also used query strings to trigger Xdebug debugging sessions to enable data extraction.

Widely known Internet of Things device vulnerabilities including the Spring Cloud Gateway RCE, tracked as CVE-2022-22947, the TBK DVR-4104 and DVR-4216 command injection bug, tracked as CVE-2024-3721, and an MVPower DVR misconfiguration were also abused in botnet attacks.

"Today's threat actors don't need to be highly sophisticated to be effective. With widely available exploit kits, botnet frameworks, and scanning tools, even entry-level attackers can cause significant damage," said Qualys researchers.

Such findings come after the Aisuru botnet was classified by Netscout researchers as a TurboMirai malware for its ability to power DDoS attacks surpassing 20 Tbps.




