Different offshoots of the notorious Mirai botnet are behind a new surge of distributed denial-of-service (DDoS) attacks worldwide.
- The first variant focuses on leveraging vulnerabilities in IoT assets to build "large-scale" botnet networks, while another has been launching DDoS attacks against organizations in the affected countries, with Malaysia occupying the foremost position, followed by Thailand, Mexico, and Indonesia, according to researchers from Qualys. The Qualys researchers have uncovered an active Mirai-based operation known as "Murdoc_Botnet", which started in July and currently involves over 1,300 active IPs. This campaign specifically targets Avtech cameras and Huawei HG532 routers, using ELF files and shell script execution for deployment; this technique was already observed in 2024. The Murdoc botnet is a well-known malware that attacks *nix systems, especially weak AVTECH and Huawei devices, and uses existing vulnerabilities (CVE-2024-7029, CVE-2017-17215) to download the next-stage payloads.
- Secondly, another malware type derived from Mirai and Bashlite (aka Gafgyt and Lizkebab, among others) was observed by Trend Micro. It infects IoT assets by actively exploiting remote code execution (RCE) vulnerabilities and weak initial passwords. A disturbing side effect: the malware disables the watchdog timer, ensuring the device does not restart even when experiencing high loads during DDoS attacks. This tactic has been seen before in Mirai variants. Furthermore, the malware exploits the Linux iptables command to delay detection of the infection and to manipulate the packets used in DDoS attacks. The attacks span Asia, North America, South America, and Europe. When counting unique IP address strings (including specified IP ranges), the targets are mainly concentrated in North America and Europe, with the United States at 17%, Bahrain at 10%, and Poland at 9%.
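Because the second variant tampers with iptables to hinder detection, one cheap defender-side check on a gateway or camera is to diff the live rule set against a known-good baseline and flag rules that would silence the device's own management or logging channels or open an unexpected listener. The script below is an added example written for this post; it is not code from the original article, from Qualys or from Trend Micro. The management-port set and both `iptables-save` dumps are constructed sample data.

```python
"""Detect tampering with a Linux host's iptables rule set (added example).

The baseline is what an operator recorded on a clean device; the current dump is
what `iptables-save` returns now. Both dumps below are constructed sample text,
not real captures, and MANAGEMENT_PORTS is an assumed set to adjust per device.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Ports a defender expects to stay usable for administration and telemetry
# (SSH, HTTPS admin UI, SNMP, syslog). Assumed values for the example.
MANAGEMENT_PORTS = {22, 443, 161, 514}

BASELINE_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed "after infection" dump: SSH now dropped, a high port opened,
# and outbound syslog blocked so the device stops reporting.
CURRENT_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 50123 -j ACCEPT
-A OUTPUT -p udp --dport 514 -j DROP
COMMIT
"""


def parse_rules(dump: str) -> Set[str]:
    """Return the set of appended rules (-A ...) from an iptables-save dump.

    Table headers, chain policies and counters are ignored on purpose: only the
    rules themselves are compared.
    """
    return {line.strip() for line in dump.splitlines() if line.startswith("-A ")}


def dport_and_target(rule: str) -> Tuple[Optional[int], Optional[str]]:
    """Extract the destination port (if any) and the jump target of one rule."""
    tokens = rule.split()
    port: Optional[int] = None
    target: Optional[str] = None
    for i, tok in enumerate(tokens):
        if tok == "--dport" and i + 1 < len(tokens) and tokens[i + 1].isdigit():
            port = int(tokens[i + 1])
        elif tok == "-j" and i + 1 < len(tokens):
            target = tokens[i + 1]
    return port, target


@dataclass
class RuleDiff:
    added: List[str]
    removed: List[str]
    suspicious: List[str]


def diff_rulesets(baseline: str, current: str) -> RuleDiff:
    """Diff two dumps and flag added rules that look like evasion or backdoors."""
    base, cur = parse_rules(baseline), parse_rules(current)
    added = sorted(cur - base)
    removed = sorted(base - cur)
    suspicious: List[str] = []
    for rule in added:
        port, target = dport_and_target(rule)
        if port in MANAGEMENT_PORTS and target in {"DROP", "REJECT"}:
            # Blocks an admin or telemetry channel: the device goes dark.
            suspicious.append(rule)
        elif (rule.startswith("-A INPUT") and port is not None
              and port not in MANAGEMENT_PORTS and target == "ACCEPT"):
            # Opens an inbound port the operator never approved.
            suspicious.append(rule)
    return RuleDiff(added, removed, suspicious)


if __name__ == "__main__":
    report = diff_rulesets(BASELINE_DUMP, CURRENT_DUMP)
    for label, rules in (("added", report.added), ("removed", report.removed),
                         ("suspicious", report.suspicious)):
        print(f"{label}:")
        for r in rules:
            print("   ", r)
```

On a real device the baseline would be captured once after provisioning and the current dump read from `iptables-save`; any non-empty `suspicious` list is worth an alert, and a non-empty `added`/`removed` list without an approved change request is worth a look.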
These examples clearly outline the need to prioritize security more than ever. The sophisticated tactics employed, such as ELF file and shell script execution, manipulation of iptables rules and disabling of watchdog timers to evade detection, underscore the importance of robust, proactive cybersecurity measures based on Zero Tolerance principles that make internet-connected devices cyber resilient. That certainly applies to gateways, as they are the bridge to all assets on the internal network. A typical household has an average of 21 connected assets. Without the right defenses in place, devices and networks remain vulnerable to malicious exploitation, leading to financial loss, reputation damage and operational disruptions.