Botconf Author Listing

Renato Marinho


Last known affiliation: Morphus Labs

Date: 2018-12-05
Cutting the Wrong Wire: how a Clumsy Attacker Revealed a Global Cryptojacking Campaign
Renato Marinho 🗣

Abstract:

We have seen a massive spike in malicious crypto mining campaigns killing themselves for the chance to have their victims' CPUs. The shorter and shorter time window between vulnerability disclosure and the opportunistic cryptojacking attacks taking advantage of it may help us to understand how profitable they are, to the point of getting priority over ransomware attacks. This article consists of a walk-through of a remarkable incident caused by an eager and clumsy attacker, which ended up revealing multiple cryptojacking campaigns targeting large organizations across the world in early 2018.

Date: 2017-12-06
Exploring a P2P Transient Botnet — From Discovery to Enumeration
Renato Marinho 🗣 | Raimir Holanda 🗣

Abstract:

From DDoS attacks to malicious code propagation, botnets continue to represent a strong threat to entities and users connected to the Internet and, due to this, continue to be an important research area. Those numerous networks proved their power to us when they interrupted a great part of the Internet, causing impacts to companies like Twitter and Netflix, when the Mirai P2P Botnet targeted Dyn company’s DNS services back in 2016. In this paper, we present the study that allowed us to find a “Mirai-like” botnet called Rakos – from our high-interactivity honeypot recruitment to the detailed analysis and exploitation of this botnet's C&C protocol using crawling and node-injection methods to enumerate and estimate its size. Our contribution also includes a comparison between the two P2P botnet exploration methods used in our research and the situations in which each may be better suited in further analysis. Additionally, we propose the term “transient” to designate botnets formed by malware that does not use persistence on the compromised system, as this tends to be usual amongst modern threats to IoT (Internet of Things) devices.
