Christopher Conrad

26 posts

@CConrad_Sec

Joined April 2023
47 Following, 20 Followers
Christopher Conrad@CConrad_Sec·
In the last 24 hours, Romania agreed to send Patriot missiles to Ukraine (apnews.com/article/romani…). Expect additional attacks on Romanian infrastructure by groups like NONAME057(16).
Christopher Conrad@CConrad_Sec·
ASERT's continued monitoring of #DDoS #hacktivism and geopolitical tensions uncovered a significant wave of attacks on #Romania starting in early June and continuing this week. These assaults are widespread, targeting various industries and involving numerous adversaries.
Christopher Conrad@CConrad_Sec·
.@NETSCOUT released their 12th DDoS Threat Intelligence Report! 📈 Dive into the latest insights and trends as they dissect the strategies and methodologies used by adversaries against service providers, enterprises, and end-users. netscout.link/6005btoZX
Christopher Conrad retweeted
Richard Hummel
Richard Hummel@MalwareAnalyzer·
In recent years, political changes in leadership are often accompanied with attacks in cyberspace by opposition or those that reject the viewpoints of elected leaders. This is even more true today with groups like #Killnet, #AnonymousSudan, and #NoName057 in the mix as they typically target countries perceived to be anti-Muslim or that show support and solidarity in standing with #Ukraine.
Christopher Conrad@CConrad_Sec·
Dive into the world of NoName057(16), a prolific DDoS threat actor with geopolitical motives. Uncover their use of custom malware, DDoSia attack tool, and innovative gamified recruitment. @NETSCOUT @ASERTResearch bit.ly/3U7WqGL
Christopher Conrad@CConrad_Sec·
Bottom line: NETSCOUT data confirms a dangerous new phase in cyber crime is underway. Unprecedented growth in malicious botnets weaponizing the cloud against us.
Christopher Conrad@CConrad_Sec·
Also new activity - scans increasing on ports 636, 993, 6002. Potential email server exploits next? What's the end game?
Christopher Conrad@CConrad_Sec·
These devices are scanning the global internet. Key target ports: 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808s, 8888 + more. Goal is expanding botnets to enable DDoS attacks, phishing & more down the line.
Christopher Conrad@CConrad_Sec·
The biggest source is cheap/free cloud & hosting servers that attackers are turning into botnet launch pads. Trial/free/low cost accounts are providing anonymity & low cost.
Christopher Conrad@CConrad_Sec·
Since then, daily scans have remained elevated. Previously, 20k high water marks are now in the region of 50-100K. Our analysis finds the activity is originating from just 5 key countries 🇺🇸🇻🇳🇨🇳🇹🇼🇷🇺
Christopher Conrad@CConrad_Sec·
Then on Dec 29 all the flood gates opened. ~144K distinct devices scanned us in one day! Nearly 10X the normal traffic.
Christopher Conrad@CConrad_Sec·
Scanning activity rose again Dec 28, with decreasing gaps in time between spikes.
Christopher Conrad@CConrad_Sec·
Activity dropped briefly, returning to normal levels, before spiking again to ~43K on Dec 20 then declining again.
Christopher Conrad@CConrad_Sec·
Normal distinct daily scan sources average ~10K, with ~20K high water marks. But starting Dec 8 we saw increases, hitting 35K.