Our lead malware researcher, Greg Sinclair, recently put together a nice high-level summary of our Threat Research Group’s recent Elastic Botnet Report via an on-demand webinar. The webinar takes the listener through a summary of exploits of an ElasticSearch vulnerability used to create distributed denial-of-service (DDoS) botnet infrastructures using the Elknot and BillGates DDoS malware families. It includes an overview of the vulnerability, specifics about the threat actors, analysis of the malware functionality, and remediation steps to help detect and remove infections. It’s pretty interesting, so I thought I’d bring it to your attention. Also quite interesting was the original blog post they put out with the original report. Enjoy.