Akamai Warns of Large DDoS Attacks from Spike DDoS Toolkit

Botnet builders use more types of Internet-capable devices

The Spike DDoS toolkit runs on a Windows system, but it can communicate with, and execute commands on, Windows, Linux and ARM-based devices infected with its binary payloads. The ability to generate an ARM-based binary payload suggests that the authors of this malicious tool are seeking to control devices such as routers and Internet of Things (IoT) devices (e.g., smart thermostat systems and washer/dryers). The capability to infect and control a broader range of devices could allow DDoS attackers to propagate botnets in a post-PC era.

DDoS mitigation of Spike DDoS attacks

Most of the infrastructure-layer DDoS attacks launched by the Spike DDoS toolkit can be mitigated by implementing access control lists (ACLs) that filter out unwanted traffic. To mitigate the toolkit’s application-layer GET flood attack, PLXsert has produced a Snort signature, which is available in the threat advisory.
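As an added illustration of the kind of application-layer GET-flood detection the advisory's Snort signature performs (this is not Akamai's or PLXsert's signature; the combined access-log format, the threshold, and the addresses and timestamps are assumed and constructed), the following Python script counts GET requests per source over a window of web-server log lines and flags sources exceeding the threshold, which can then feed an ACL:

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log line (assumed format; adjust to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, method, path) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("method"), m.group("path")

def find_get_flood_sources(lines, threshold=50):
    """Return {ip: get_count} for sources with >= threshold GETs in the window.

    A bot running a GET flood shows up as an abnormal number of GET requests
    from one source; non-GET requests and malformed lines are ignored.
    """
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, method, _path = parsed
        if method == "GET":
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def sample_window():
    """Constructed log window (not real traffic): one source hammering "/" with
    60 GETs, two ordinary clients, and one malformed line the parser must skip."""
    flood = [
        f'203.0.113.7 - - [27/Sep/2014:10:00:{i % 60:02d} +0000] "GET / HTTP/1.1" 200 512'
        for i in range(60)
    ]
    normal = [
        '198.51.100.10 - - [27/Sep/2014:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
        '198.51.100.10 - - [27/Sep/2014:10:00:06 +0000] "POST /login HTTP/1.1" 302 0',
        '198.51.100.22 - - [27/Sep/2014:10:00:09 +0000] "GET /about HTTP/1.1" 200 2048',
        'garbage line that is not an access-log entry',
    ]
    return flood + normal

if __name__ == "__main__":
    for ip, n in find_get_flood_sources(sample_window()).items():
        print(f"{ip}: {n} GET requests in window (candidate for ACL / rate limit)")
```

In production the window would be time-bounded and the threshold tuned to the site's normal per-client request rate, since a single fixed count is a crude stand-in for a signature.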

System hardening recommended

The multi-platform infection code in this kit increases the threat’s complexity and sophistication and makes it necessary to apply system hardening measures to each of the targeted operating systems and platforms. Links to industry-recommended hardening techniques are provided to system administrators in the advisory. The advisory also provides a YARA rule to identify the bot payloads used to infect devices and make them part of the botnet.

PLXsert anticipates further infestation and the expansion of this DDoS botnet.
