< ciso
brief />
Tag Banner

All news with #ddos tag

133 articles · page 4 of 7

Weekly Cyber Recap: AI Skill Risks and Massive DDoS

🔐 This week's briefing highlights attackers abusing trust across AI agents, update channels, and developer ecosystems. OpenClaw announced a partnership with VirusTotal to scan ClawHub skills after researchers discovered malicious packages and explosive typosquatting growth. High‑impact incidents include a 31.4 Tbps AISURU DDoS, a Notepad++ updater compromise delivering the Chrysalis backdoor, and an RCE in Docker's Ask Gordon AI assistant. Security teams should prioritize update integrity, supply‑chain controls, and agentic AI hygiene.
read more →

AISURU/Kimwolf Botnet Launches Record 31.4 Tbps DDoS

🚨 Cloudflare attributed a record hyper‑volumetric HTTP DDoS to the AISURU/Kimwolf botnet that peaked at 31.4 Tbps and lasted 35 seconds in November 2025. The group was also linked to a campaign codenamed The Night Before Christmas, which began on December 19, 2025, and produced averages near 3 Bpps, 4 Tbps and 54 Mrps. Google and Cloudflare disrupted the IPIDEA residential proxy network used to recruit more than 2 million Android devices.
read more →

2025 Q4 DDoS Report: Record 31.4 Tbps Attack and Botnet

🛡️ Cloudflare's 24th Quarterly DDoS Threat Report documents a record-setting 2025 capped by a 31.4 Tbps attack and a late-December campaign from the Aisuru-Kimwolf botnet. The firm observed a 121% year-over-year surge in DDoS activity, averaging 5,376 mitigations per hour and a tripling of network-layer assaults to 34.4 million. Hyper-volumetric HTTP floods—largely from infected Android TVs—peaked above 200 Mrps and targeted telcos, gaming, and AI providers, while Cloudflare's autonomous defenses automatically detected and mitigated these incidents.
read more →

Three Disruptive Cyber Trends Impacting Financial Services

🔍 The financial sector saw cyber incidents more than double in 2025 (864 → 1,858), driven by three dominant trends: surging DDoS campaigns, a sharp rise in data breaches and leaks, and the commercialization of cybercrime-as-a-service. These threats exploited weaknesses in cloud security, identity governance, and third-party risk. Banks and fintechs must accelerate adoption of layered defenses, continuous monitoring, and stronger vendor controls to maintain resilience.
read more →

Scattered Lapsus Shiny Hunters: Extortion Tactics Exposed

🔒 A prolific English-language extortion gang calling itself Scattered Lapsus Shiny Hunters (SLSH) combines data theft with coordinated harassment — swatting, DDoS, and call- and email-flooding — to pressure victims into paying. Allison Nixon of Unit 221B and forensic analysis from Mandiant trace recent incidents to early–mid January 2026, when attackers used phone-based phishing to harvest SSO and MFA codes. Nixon warns SLSH is fractious and untrustworthy, and advises organizations that negotiating beyond a firm refusal generally escalates harm and provides attackers information useful for later fraud.
read more →

Weekly Cyber Recap: Proxy Botnet and Office Zero‑Day

🛡️ Google disrupted the IPIDEA residential proxy network by seizing or sinkholing command-and-control domains, cutting operators' ability to route traffic and reducing millions of exit nodes that had been recruited via bundled SDKs or monetization lures. Microsoft released an out‑of‑band patch for an actively exploited Office zero‑day (CVE-2026-21509), while Ivanti fixed two EPMM RCEs. CERT Polska attributed destructive intrusions against Polish energy assets to Static Tundra, and criminals were observed hijacking exposed LLM endpoints for resale and lateral access. Researchers also documented new modular frameworks, open BYOB C2 repositories, and continued exploitation of web platforms and DevOps tooling.
read more →

Google Disrupts IPIDEA Residential Proxy Network at Scale

🔒 Google Threat Intelligence Group, working with industry partners, disrupted the IPIDEA residential proxy network by taking down domains, infected-device management systems, and proxy-traffic routing infrastructure. The operation targeted SDKs embedded in at least 600 trojanized Android apps and over 3,000 malicious Windows binaries, which collectively enrolled about 6.7 million devices worldwide. GTIG reported that more than 550 distinct threat groups abused IPIDEA for account takeovers, credential theft, botnet control, and DDoS support; users should avoid untrusted VPNs and apps that pay for bandwidth.
read more →

Aisuru Botnet Launches Record 31.4 Tbps DDoS Attack

🔴 Cloudflare says the Aisuru/Kimwolf botnet launched a record DDoS campaign on December 19 that peaked at 31.4 Tbps and about 200 million requests per second. The attacks, dubbed The Night Before Christmas, targeted telecommunications and IT providers and hit Cloudflare’s dashboard and infrastructure. Sources were identified as compromised Android TVs rather than typical IoT routers, and most bursts lasted one to two minutes. Cloudflare reports the attacks were detected and mitigated automatically without triggering internal alerts.
read more →

Selective Decryption for Scalable Encrypted DDoS Defense

🔒 Encrypted internet traffic and TLS 1.3 are now the norm, creating inspection blind spots that threat actors exploit to hide DDoS attacks. NETSCOUT’s Arbor Edge Defense (AED) is presented as a selective-decryption, edge-deployed solution that prioritizes blocking suspicious encrypted sessions and decrypts only when validation or deeper analysis is needed. By combining handshake inspection, rate and connection controls, and targeted decryption, AED aims to preserve capacity while improving detection and mitigation of encrypted threats.
read more →

NCSC Warns of Pro-Russian DDoS Targeting UK Services

⚠️ The UK's National Cyber Security Centre (NCSC) warns that pro‑Russian hacktivist groups are conducting distributed denial-of-service (DDoS) attacks against British organisations, particularly local government and critical infrastructure operators. These attacks are typically low in technical sophistication but can still deny access, disrupt services and impose substantial recovery costs. The NCSC advises organisations and OT owners to review and harden defences, work with ISPs and CDNs, design scalable services, retain administrative access during incidents, and regularly test mitigations.
read more →

Kimwolf IoT Botnet Infects Corporate and Government Networks

🚨A new IoT botnet, Kimwolf, has infected more than two million devices and is being used for large-scale DDoS and to relay abusive traffic. Operators abuse commercial residential proxy services—most prominently IPIDEA—to reach proxy endpoints and scan local networks, enabling lateral infections of vulnerable devices, particularly unofficial Android TV boxes. Some proxy providers have begun blocking Kimwolf-related traffic, but millions of infected endpoints remain within corporate and government networks.
read more →

UK: Ongoing Russian Hacktivist DDoS Attacks Target Services

🚨 The U.K.'s National Cyber Security Centre (NCSC) warns of sustained disruptive DDoS activity from pro‑Russian hacktivists, notably NoName057(16), which operates the crowdsourced DDoSia platform that mobilises volunteers and offers rewards. Despite arrests and server takedowns during Operation Eastwood, the group has re-emerged and continues to target critical infrastructure, local government and OT systems. The NCSC advises strengthening upstream ISP/CDN protections, designing for rapid scaling, rehearsing response plans for graceful degradation, and continuous testing to reduce downtime and recovery costs.
read more →

NCSC Warns of Ongoing Russian-Aligned DDoS Pressure

⚠️ The UK National Cyber Security Centre (NCSC) has issued an alert about ongoing disruptive cyber activity by Russian-aligned hacktivist groups targeting UK organisations, with local government and critical national infrastructure singled out. The campaigns mainly use denial-of-service (DoS/DDoS) attacks to overwhelm websites and online systems, taking services offline. The advisory highlights groups such as NoName05716, their coordination via Telegram and the hosting of tooling on GitHub, and urges organisations to review DoS protections, strengthen resilience and engage with NCSC threat collection.
read more →

ICE doxxing site taken offline by sustained DDoS attack

⚠️ The controversial ICE List doxxing site, launched after an alleged DHS whistleblower provided details on thousands of ICE and Border Patrol officials, has been taken offline by a sustained DDoS attack. Founder Dominick Skinner reported that overwhelming traffic appears to originate from Russian IP addresses routed through proxies, complicating attribution. Skinner and his team are attempting server migrations to restore access but expect the site to remain a target.
read more →

Kimwolf/AISURU Botnet Infects Over Two Million Devices

🚨 Black Lotus Labs said it null-routed traffic to more than 550 command-and-control nodes tied to the AISURU/Kimwolf botnet after detecting rapid growth beginning in early October 2025. Researchers attribute the expansion to a malicious ByteConnect SDK delivered to unsanctioned Android TV devices and proxy services that expose Android Debug Bridge (ADB). The botnet, leveraged for DDoS and residential proxy leasing, has infected more than two million devices and has been linked to hosting providers and proxy marketplaces where compromised nodes were offered for sale.
read more →

Who Benefited From the Aisuru and Kimwolf Botnets: Findings

🔍 This analysis traces how the Aisuru and Kimwolf botnets turned millions of unsecured Android TV streaming boxes into residential proxies and DDoS participants. Investigators linked proxy traffic and control infrastructure to a Utah hosting firm, Resi Rack, a Discord marketplace (resi.to), and vendors including Plainproxies/ByteConnect and Maskify. Operators hardened control with the Ethereum Name Service to evade takedowns. Owners of affected TV boxes are urged to disconnect and replace them.
read more →

Kimwolf Android Botnet Abuses Residential Proxies Widely

🛡️ Researchers report the Kimwolf Android botnet — an Aisuru variant — has grown to nearly two million infected hosts by abusing residential proxy services to reach devices on internal networks. The malware scans for unauthenticated Android Debug Bridge (ADB) endpoints on ports such as 5555 and delivers payloads via telnet/netcat, often targeting low-cost Android TV boxes. Affected devices are used for DDoS, proxy resale, and ad-fraud via third-party SDKs; mitigation includes wiping compromised boxes and preferring Google Play Protect-certified hardware from reputable OEMs.
read more →

Combining Arbor Edge Defense with CDN DDoS Protection

🔒 NETSCOUT's Arbor Edge Defense (AED) complements CDN-based DDoS mitigation by providing inline, on-premises protection for attacks that cloud scrubbing can miss. AED uses AI/ML-driven stateless packet processing and ATLAS threat intelligence to address application-layer, TCP state-exhaustion, and outbound threats. Together, CDN protections and AED form a layered, adaptive defense-in-depth strategy that preserves bandwidth and safeguards availability.
read more →

Five Common Myths About DDoS Attacks and Protection

🛡️ DDoS attacks are widespread and varied, yet persistent myths can lead organizations to underprepare. This article debunks five common misconceptions — that attacks only hit large companies, that DDoS is always high-volume flooding, that NGFWs or cloud-only solutions are sufficient, and that AI/ML is unnecessary — and explains modern multivector and application-layer tactics. Defenders are advised to deploy hybrid, AI-enabled, and stateless mitigation to protect availability.
read more →

Taiwan Faces 2.6M Daily Chinese Cyberattacks in 2025

⚠️ Taiwan's National Security Agency reported that Chinese cyberattacks targeting the island's critical infrastructure rose 6% in 2025, averaging 2.6 million attacks per day. The assaults mainly focused on the energy sector, hospitals, banks and emergency services, and extended to the semiconductor industry, including TSMC. Attackers employed large-scale denial-of-service and man-in-the-middle techniques to disrupt operations and exfiltrate data. Many incidents reportedly coincided with Chinese military exercises and high-profile political events, while Beijing denies involvement.
read more →