
Intense hacker movement from Tanzania


"Malware -> Bot -> Botnet -> DDoS", the natural order of this ecosystem.


NetSensor has been recording and tracking intense malicious activity for 5 consecutive days, originating from Tanzania and, to a lesser extent, from the United Arab Emirates.


World map highlighting Tanzania, showing the Tanzania hackers counter
Source: https://www.hacknet.com.br

Based on the characteristics analyzed, these are hundreds of poorly secured devices that expose services such as the management console. That exposure probably led to the exploitation of these assets, which are now infected with malware and seeking new victims exposed on the Internet.


HackNet, NetSensor's threat intelligence network, observed this movement reaching all of its 22 analysis points, spread across 21 countries.


For the first time, Tanzania entered the ranking of the "Top 5" countries with the most sources of malicious traffic detected on the HackNet network, ahead of countries such as Russia, India, South Korea and Brazil.


Top 20 Countries
Source: https://www.hacknet.com.br

The main hotspots of this campaign are the two largest telecommunications operators in those countries:

  • TANZANIA TELECOMMUNICATIONS CO. LTD

  • EMIRATES TELECOMMUNICATIONS CORPORATION


These devices will probably be used in DDoS attacks. So, if you do not have operations with either of these two countries, you can consider blocking addresses from these locations.

Another possibility is to block the ASN (Autonomous System Number) of each of the operators:

  • AS33765: TANZANIA TELECOMMUNICATIONS CO. LTD

  • AS5384: EMIRATES TELECOMMUNICATIONS GROUP COMPANY (ETISALAT)
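
One way to prepare the ASN block described above, as an added example that is not code from NetSensor or HackNet: it aggregates the prefixes per ASN, dry-runs them against logged source addresses, and renders an nftables set. The prefixes are RFC 5737 documentation placeholders, not the operators' real announcements; the sample sources and the set name are constructed, and only IPv4 is handled.

```python
import ipaddress
from collections import Counter

# Constructed placeholders (RFC 5737 documentation ranges), NOT the operators'
# real announcements. Fill in the prefixes each ASN currently originates,
# taken from your own routing data source.
ASN_PREFIXES = {
    "AS33765": ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"],
    "AS5384": ["203.0.113.0/24", "203.0.113.64/26"],
}
# Constructed source addresses, as they might be parsed from firewall logs.
SAMPLE_SOURCES = ["192.0.2.77", "203.0.113.70", "198.51.100.9",
                  "10.20.30.40", "not-an-ip"]

def aggregate(prefixes):
    """Collapse adjacent and overlapping IPv4 prefixes into a minimal list."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))

def dry_run(sources, asn_prefixes):
    """Count the logged sources each ASN block would drop, before enforcing."""
    table = {asn: aggregate(p) for asn, p in asn_prefixes.items()}
    hits = Counter()
    for src in sources:
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            hits["unparsed"] += 1  # malformed log field: count it, never guess
            continue
        asn = next((a for a, nets in table.items()
                    if any(ip in n for n in nets)), "allowed")
        hits[asn] += 1
    return hits

def nft_set(name, asn_prefixes):
    """Render an nftables interval set with every aggregated prefix.

    Put it inside an existing table and match it with: ip saddr @<name> drop
    """
    nets = aggregate([p for ps in asn_prefixes.values() for p in ps])
    elems = ", ".join(str(n) for n in nets)
    return (f"set {name} {{\n  type ipv4_addr\n  flags interval\n"
            f"  elements = {{ {elems} }}\n}}")

if __name__ == "__main__":
    print(dict(dry_run(SAMPLE_SOURCES, ASN_PREFIXES)))
    print(nft_set("blocked_asn_v4", ASN_PREFIXES))  # set name is hypothetical
```

Running the dry run over a few days of real logs first shows how many legitimate sources the block would also drop.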


The observed traffic reveals thousands of devices that are now reinforcing the artillery of one or more groups of cybercriminals, increasing their ability to launch powerful DDoS attacks against targets around the world.


NetSensor customers using HackNet are automatically protected from the thousands of sources involved in this malicious campaign.

