A Peruvian botnet wounded, but still operating

On the 23rd of this month, I read a very interesting article regarding a very large botnet in Peru which was disrupted. While it still mines cryptocurrency, it can’t get new commands, and I’m sure the actors may not be able to get their money, but that remains to be seen.

The article came from Cyberscoop, and I did find it quite interesting to read.

Cybersecurity researchers on Thursday said they had helped disrupt the infrastructure behind a botnet being powered by tens of thousands of devices in Peru.

For months, the botnet — an army of compromised computers controlled by an attacker — had grown in strength by quietly infecting devices using USB drives, allowing the attackers to mine thousands of dollars in cryptocurrency. The infections reached the Peruvian public sector and financial institutions, adding urgency to the effort to defang it.

Now, Slovakian anti-virus company ESET says it helped “sinkhole” — or render innocuous — about a quarter of the malicious subdomains used by the botnet.

That means the infected machines will continue to mine cryptocurrency, but they won’t be able to receive more malicious instructions — such as injecting code onto devices — from whoever is controlling the botnet. (ESET said it had no indication that those code injections would happen.) It’s an example of how the fight against a cybercriminal threat is often long and methodical — and heavily aided by the private sector.

I used this antivirus program once, and it was good. Want to learn more? Read the Cyberscoop article, “A 35,000-device botnet in Peru is wounded, but still mining cryptocurrency,” and feel free to leave your thoughts on this one.


Discover more from The Technology blog and podcast