UPDATED 21:09 EST / AUGUST 19 2020

SECURITY

FritzFrog botnet targets SSH servers belonging to government and enterprises

A newly discovered sophisticated botnet campaign that is targeting government offices and enterprises was detailed today for the first time.

Dubbed “FritzFrog” by security researchers at Guardicore Ltd., which reported the peer-to-peer botnet today, it’s believed to have been actively breaching SSH servers since January. The botnet runs worm malware written in the Go language and is described as modular, multithreaded and fileless, leaving no trace on the infected machine’s disk.

The botnet has been found attempting to brute-force and propagate to tens of millions of IP addresses belonging to government offices, educational institutions, medical centers, banks and numerous telecom companies. The research found that the botnet has infected more than 500 servers, including well-known universities in the U.S. and Europe along with a railway company. The countries with the most infections were found to be China, South Korea and the U.S.

Interestingly, FritzFrog was found to have no relationship to previous forms of malware and is completely proprietary, suggesting that those behind it are highly professional software developers. The botnet was also found to be unique even in the way it communicated compared with previous botnets.

The researchers don’t suggest who may be behind the botnet, but the sophistication immediately raises the suspicion that it could have been designed by a nation-state-sponsored hacking group.

“FritzFrog takes advantage of the fact that many network security solutions enforce traffic only by the port and protocol,” Guardicore’s Ophir Harpaz noted. “To overcome this stealth technique, process-based segmentation rules can easily prevent such threats.”

Tamer Hassan, co-founder and chief executive officer of bot mitigation firm White Ops Inc., told SiliconANGLE that there has been a fundamental erosion in trust on the internet over the last several years, where you can’t assume that interactions you have online are with humans rather than bots.

“This challenge is going to get even more complicated as sophisticated bots look and act like humans when they click on ads, visit websites, fill out forms, take over accounts and commit payment fraud,” he said. “Bots used to be simple, beneficial tools, and now bad actors are collecting, automating and targeting them at enterprises and consumers by sending millions of bots to do bad things.”

Hassan added that the cybersecurity industry along with partners and law enforcement need to work together to disrupt the economics of cybercrime.
