20,000 Organizations Hit by GorillaBot DDoS Onslaught
A new wave of attacks involving a modified variant of Mirai, named GorillaBot, has triggered over 300,000 DDoS attacks, impacting approximately 20,000 organizations globally in September of this year.
In about 41% of cases, attackers employed UDP Floods, bombarding victim networks with large volumes of packets to overwhelm them. Additionally, around a quarter of the attacks used ACK Bypass Floods, where attackers inundated a single port with fake TCP ACK packets, causing network protocol overloads.
Researchers at NSFOCUS noted that GorillaBot uses re-engineered code from the Mirai family and supports architectures such as ARM, MIPS, x86_64, and x86. A distinctive feature of GorillaBot is the message displayed on infected devices: “gorilla botnet is on the device ur not a cat go away,” which inspired the botnet’s name.
The botnet was controlled by five C2 servers, which, at the peak of the attacks, generated up to 20,000 commands per day. Overall, the attacks affected 113 countries, with China being the hardest hit, followed by the United States, Canada, and Germany.
GorillaBot employs 19 different DDoS attack methods, including UDP floods and TCP SYN/ACK floods, complicating defense efforts for organizations. Countering such multi-layered attacks requires a combination of techniques, such as limiting UDP packet transmission rates and using TCP connection tracking to pass only valid ACK packets, meaning those that belong to a connection the filter has actually seen being established.
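The two mitigations named above can be modeled in a few lines. This is an added example, not code from NSFOCUS or from any product: the class name `EdgeFilter`, the thresholds, and the packets (documentation-range addresses) are all constructed. Real connection tracking also validates sequence windows, which this model leaves out.

```python
# Toy model (added illustration); thresholds and packets are constructed.
UDP_REFILL = 100       # millitokens per ms = 100 packets/s per source (assumed)
UDP_BURST = 200_000    # bucket depth: 200 packets (assumed)
COST = 1_000           # one packet costs 1000 millitokens

class EdgeFilter:      # hypothetical name
    def __init__(self):
        self.buckets = {}  # src ip -> (millitokens, time of last packet in ms)
        self.flows = {}    # (src, sport, dst, dport) -> state or expected ack

    def allow_udp(self, ts_ms, src):
        """Token bucket: refill by elapsed time, spend one packet if possible."""
        tokens, last = self.buckets.get(src, (UDP_BURST, ts_ms))
        tokens = min(UDP_BURST, tokens + (ts_ms - last) * UDP_REFILL)
        ok = tokens >= COST
        self.buckets[src] = (tokens - COST if ok else tokens, ts_ms)
        return ok

    def outbound_syn_ack(self, flow, server_isn):
        """Server answered a SYN: the client's ACK must carry ISN + 1."""
        if self.flows.get(flow) == "SYN_RCVD":
            self.flows[flow] = (server_isn + 1) % 2**32

    def inbound_tcp(self, flow, flags, ack=None):
        """Pass SYNs; pass ACKs only on a flow whose handshake was tracked."""
        state = self.flows.get(flow)
        if flags == "SYN":
            self.flows[flow] = "SYN_RCVD"
            return True
        if flags == "ACK" and state == "ESTABLISHED":
            return True
        if flags == "ACK" and isinstance(state, int) and ack == state:
            self.flows[flow] = "ESTABLISHED"
            return True
        return False       # ACK with no matching connection is dropped

def replay():
    """Push constructed traffic through the filter and return the verdicts."""
    f = EdgeFilter()
    # 1,000 UDP packets from one source, one per millisecond
    udp_passed = sum(f.allow_udp(ms, "198.51.100.7") for ms in range(1000))
    good = ("203.0.113.5", 40000, "192.0.2.10", 443)
    f.inbound_tcp(good, "SYN")
    f.outbound_syn_ack(good, server_isn=1000)
    legit = [f.inbound_tcp(good, "ACK", ack=a) for a in (1001, 1500)]
    # 200 ACKs from sources that never opened a connection
    flood = sum(f.inbound_tcp((f"198.51.100.{i}", 5000 + i, "192.0.2.10", 443),
                              "ACK", ack=i) for i in range(1, 201))
    return udp_passed, legit, flood
```

Calling `replay()` returns `(299, [True, True], 0)`: the UDP source gets its 200-packet burst plus the sustained rate and nothing more, the handshaked client's ACKs pass, and none of the stateless ACKs do.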
Traffic from so-called “bad bots,” like GorillaBot, continues to surge. In 2023, researchers at Imperva blocked nearly 6 trillion requests from such bots, accounting for 32% of all internet traffic—an increase of 2% from the previous year. Imperva reports that the share of bot attacks related to DDoS is 12.4%, particularly affecting industries like gaming, telecommunications, and healthcare.
The evolution of cyber threats demands constant vigilance and adaptation of defense strategies. The emergence of new malware variants, such as GorillaBot, underscores how attackers continuously refine their tools, employing multi-layered attacks and targeting a broad array of victims worldwide.
Organizations must invest in comprehensive security systems and regularly update their defense strategies to counter the growing sophistication and scale of cyberattacks in today’s digital landscape.