The name of this rapidly growing exploit should send a Halloween chill through information security teams.
It's called DemonBot.
And new details from the Radware Threat Research Center shows a page on one of DemonBot's command and control servers with this frightful message: "We're opening the hell gates."
DemonBot trends, targeting Hadoop and big data
Researchers say the target of DemonBot is the powerful Hadoop processing framework that many companies use to crunch and store data and analytics. Is this something your organization depends on? The Radware alert warns:
If so, know that a new bot is targeting Hadoop clusters with the intention of performing DDoS attacks powered by the strength of cloud infrastructure servers.
DemonBot spreads only via central servers and does not expose worm-like behavior exhibited by Mirai based bots. As of today, Radware is tracking over 70 active exploit servers that are actively spreading DemonBot and are exploiting servers at an aggregated rate of over 1 million exploits per day.
Clearly, the threat from DemonBot is growing, and planting the seeds to launch DDoS attacks is what's behind the attack.
Also, the number of exploit servers that are spreading the attack has grown by about 700% since August. Take a look at this trend line.
You can read the Demonbot research report for yourself, which leaves you with a final, spine tingling thought. This attack could also be used against the Internet of Things, even though that hasn't happened yet.
Note that though we did not find any evidence that DemonBot is actively targeting IoT devices at this time, Demonbot is not limited to x86 Hadoop servers and is binary compatible with most known IoT devices, following the Mirai build principles.
