< ciso
brief />
Tag Banner

All news with #ddos tag

133 articles · page 2 of 7

Amazon CloudFront Adds WebSockets Support for VPC Origins

🔒 Amazon CloudFront now supports WebSockets through VPC origins, allowing customers to host real-time, bidirectional applications entirely in private subnets. You can place Application Load Balancers, Network Load Balancers, and EC2 instances inside private subnets and expose them via a CloudFront distribution as the single entry point. This reduces attack surface, simplifies security management, and brings built-in DDoS protection to WebSockets workloads. WebSockets via VPC origins is available in all AWS Commercial Regions that support VPC origins at no additional cost.
read more →

Romanian Leader of Swatting Ring Sentenced to 4 Years

🚨 A Romanian national, Thomasz Szabo, was sentenced to four years in U.S. federal prison after pleading guilty to conspiracy and threats involving explosives. Extradited from Romania in November 2024, Szabo led an online swatting community that organized bomb threats and swatting calls beginning in late 2020 and targeting more than 75 public officials, journalists, and religious institutions. The court also ordered three years of supervised release.
read more →

Anti-DDoS Firm Accused of Enabling Attacks on ISPs

🛡️ A Brazilian DDoS-mitigation firm, Huge Networks, was implicated in enabling a Mirai-based botnet that launched sustained DDoS attacks against regional Brazilian ISPs. An exposed archive contained Portuguese Python attack scripts, private SSH keys belonging to CEO Erick Nascimento, and tooling that mass-scanned for TP-Link Archer AX21 devices vulnerable to CVE-2023-1389. The CEO says the malicious activity followed a January 2026 intrusion, that affected droplets were wiped and keys rotated, and that a third-party forensics firm has been engaged.
read more →

Mirai Variant 'Nexcorium' Exploits TBK DVR, TP‑Link Flaws

🔒 Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 report that threat actors are exploiting a command injection flaw, CVE-2024-3721, in TBK DVR devices to deliver a Mirai-family loader tracked as Nexcorium. The loader installs architecture-specific binaries, establishes persistence via crontab and systemd, and uses hard-coded credential lists plus an exploit for CVE-2017-17215 to spread to Huawei HG532 devices. Unit 42 also observed automated scans targeting EoL TP-Link routers via CVE-2023-33538, though initial attempts were flawed and did not achieve compromise. Researchers warn that unpatched, unsupported IoT devices and default credentials continue to enable large-scale DDoS botnets and recommend replacing EoL hardware and removing default passwords.
read more →

Nexcorium Mirai Variant Exploits TBK DVR Vulnerability

🛡️ FortiGuard Labs analyzed exploitation of CVE-2024-3721 against TBK DVR devices that delivered a Mirai-style, multi-architecture botnet named Nexcorium. The campaign used a downloader called "dvr" (nexuscorp-prefixed binaries) and a custom "X-Hacked-By" HTTP header linked to a suspected "Nexus Team" actor. Nexcorium includes scanning, brute-force credential lists, multiple persistence methods, integrity checks, and a broad DDoS toolkit controlled by a central C2.
read more →

International Operation Takedown of DDoS-for-Hire Services

🔒 A multinational law enforcement operation disrupted DDoS-for-hire infrastructure, seizing servers and databases and resulting in 53 domains being taken down and four arrests. Operation PowerOff, coordinated across 21 countries and outlined by Europol on April 16, removed backend components and more than 100 URLs advertising these services. Authorities recovered data on over three million criminal user accounts, sent roughly 75,000 warning notices to identified users, and posted additional warnings to cryptocurrency platforms to limit further abuse.
read more →

Operation PowerOFF Seizes 53 DDoS Domains, Four Arrested

🔒 Operation PowerOFF disrupted 53 domains tied to commercial DDoS-for-hire services and resulted in four arrests. Authorities seized servers and supporting infrastructure and obtained access to databases containing over 3 million criminal user accounts linked to more than 75,000 alleged attackers, issuing 25 search warrants. Law enforcement partners across 21 countries coordinated domain seizures, infrastructure disruption, and notification efforts to hinder further attacks and support follow-up investigations.
read more →

Operation PowerOFF IDs 75K DDoS Users, Shuts Domains

🔎 Operation PowerOFF has notified more than 75,000 suspected users of DDoS-for-hire platforms and taken 53 domains offline as part of a coordinated international law enforcement effort. Supported by Europol and authorities across 21 countries, the action included four arrests, 25 search warrants, and the dismantling of critical booter infrastructure. The operation is now shifting into a prevention phase featuring awareness campaigns, search-engine ad interventions, URL removals, and on-chain payment warnings to deter future abuse.
read more →

Cloudflare Reaches 500 Tbps Capacity Across 330+ Cities

🚀 Cloudflare announced it has provisioned 500 Tbps of external interconnection capacity across 330+ cities, a milestone reflecting 16 years of global network scaling. This figure represents aggregate provisioned ports to transit providers, IXPs, private peers and CNI — not peak traffic, with the unused portion reserved as the DDoS budget. The company attributes resilience to running security and developer platforms on every server and to automated, server‑level mitigation using eBPF, dosd and global propagation via Quicksilver.
read more →

Arelion Enhances DDoS Defenses with NETSCOUT Arbor

🛡️ Arelion has expanded its DDoS protection capabilities by deepening its partnership with NETSCOUT, building on over 16 years of collaboration. NETSCOUT introduced enhancements — Sightline with the Sentinel orchestration add-on, the ATLAS Intelligence Feed (AIF) for TMS, and Adaptive DDoS Protection (ADP) — to improve automation, threat intelligence, and mitigation scaling. These upgrades increase visibility and automated response across Arelion’s global backbone, improving protection for both internal systems and customer services.
read more →

NETSCOUT Arbor Threat Mitigation Wins Multiple G2 Badges

🛡️ NETSCOUT’s Arbor Threat Mitigation System (TMS) earned five G2 winter 2026 badges, including Leader distinctions for Enterprise DDoS Protection, DDoS Protection, and Web Security, plus a regional nod in Asia. Arbor Sightline also secured a leader badge for enterprise network management. G2 awards reflect verified user reviews and NETSCOUT’s market presence; customers praise AI/ML-driven visibility, automated defenses, and carrier-grade, hybrid/cloud mitigation.
read more →

Botnet DDoS Escalation: AI, IoT, and Multiterabit Threats

📈 NETSCOUT’s ATLAS platform recorded more than 8 million DDoS attacks across 203 countries during the second half of 2025, revealing a decisive shift toward multiterabit capacity and AI-enabled operations. IoT-based botnets such as Aisuru and TurboMirai variants produced demonstration floods up to 30Tbps and 4Gpps, while dark-web LLMs and conversational interfaces lowered the barrier for complex, multivector campaigns. Persistent pressure on DNS root servers and NTP services highlighted the importance of globally distributed, intelligence-driven defenses.
read more →

Masjesu (XorBot) Botnet: Stealthy DDoS-for-Hire Service

🛡️Masjesu, also tracked as XorBot, is a stealthy DDoS-for-hire botnet that targets diverse IoT devices including routers, gateways, cameras, DVRs and NVRs. First observed in 2023 and updated through 2024, it uses XOR-based obfuscation, avoids blocklisted ranges (including DoD IPs), and emphasizes persistence and low visibility. After binding a hard-coded TCP port (55988) the malware establishes persistence, disables common tools like wget and curl, and connects to remote controllers to receive flood commands. Its traffic is concentrated in Vietnam, Ukraine, Iran, Brazil, Kenya and India, with Vietnam accounting for nearly half of observed activity.
read more →

Programmable Flow Protection for Custom UDP DDoS Mitigation

🛡️Programmable Flow Protection lets Magic Transit customers author and deploy custom eBPF programs across Cloudflare’s global edge to define what constitutes legitimate UDP traffic. Programs run in a verified userspace BPF VM and can pass, drop, or challenge packets using helper functions for state, cryptographic validation, and challenge emission. In beta for Magic Transit Enterprise customers, the feature enables stateful, protocol-aware DDoS mitigation that distinguishes legitimate clients from scripted or replay attacks.
read more →

Global DDoS Attacks Double, Peak Volumes Soar in 2025

🛡️Gcore's semiannual Radar report found that registered DDoS attacks doubled in the second half of 2025 versus the first half, rising to about 2.25 million incidents and bringing the year total to 3.42 million. Peak attack throughput jumped to 12 Tbit/s compared with 2.2 Tbit/s in 2024. Network-layer volumetric strikes made up 82% of events—about three quarters lasting under a minute and 84% using UDP floods—while the remaining 18% were longer, targeted application-layer attacks against APIs, authentication and backend systems. Technology, financial services and gaming firms were the most frequently targeted sectors.
read more →

Dismantling Major Botnets Disrupts Global DDoS Rings

🛡️ Law enforcement in Germany, Canada and the United States have jointly disrupted two of the world’s largest DDoS botnets, taking critical infrastructure offline and seizing evidence. The operation targeted Aisuru, which infected poorly secured IoT devices, and the related Kimwolf, which focused on Android and consumer devices. Authorities recovered multiple data carriers and seized five-figure cryptocurrency holdings, though arrests were limited and the criminal network is not yet fully dismantled.
read more →

International Takedown Disrupts Four Major IoT Botnets

🚨 U.S., German, and Canadian authorities dismantled command-and-control infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad IoT botnets, seizing virtual servers, domains, and related assets. The Justice Department says the four botnets had ensnared more than three million devices and issued hundreds of thousands of DDoS commands, including record-setting attacks by Aisuru. Private firms such as Akamai assisted, warning the campaigns disrupted ISP services and even targeted government IPs including DoDIN.
read more →

DoJ Disrupts 3 Million-Device IoT Botnets Behind 31.4 Tbps

🔒 The U.S. Department of Justice announced a court-authorized operation that disrupted command-and-control infrastructure used by multiple IoT Mirai variants, including AISURU, Kimwolf, JackSkid, and Mossad. Authorities from Canada and Germany, assisted by major vendors such as AWS, Cloudflare, and Akamai, helped dismantle networks that collectively enslaved roughly 3 million devices and enabled record-breaking DDoS attacks exceeding 30 Tbps. The action seeks to curb a cybercrime-as-a-service market that sold access to compromised DVRs, webcams, routers, and off-brand Android TVs.
read more →

Feds Disrupt Four IoT Botnets Behind Massive DDoS Attacks

🛡️ The U.S. Justice Department, with Canadian and German partners, dismantled infrastructure for four major IoT botnets — Aisuru, Kimwolf, JackSkid and Mossad — that compromised more than three million devices and launched hundreds of thousands of DDoS attacks. The action targeted U.S.-registered domains and virtual servers and aimed to stop further infections and future attacks. Law enforcement credited nearly two dozen tech firms for assisting in the operation.
read more →

Eon Reports Tenfold Increase in Cyberattacks on Grid

⚡Eon reports a sharp rise in cyberattacks on its power distribution networks, now seeing several hundred daily probes—a tenfold increase compared with five years ago, board member Thomas König said. The company highlights the security challenges of an increasingly digitized grid. Eon engages external providers to run attack simulations and strengthen defences while operating about one third of Germany's distribution network.
read more →