Light Dark
May 1, 2019 By David Bisson 2 min read

A distributed denial-of-service (DDoS) botnet targeting servers used by the Electrum bitcoin wallet reached 152,000 infected hosts at the end of April.

Malwarebytes began tracking this DDoS botnet and its attacks against Electrum’s infrastructure in the spring of 2019. On April 24, the number of infected machines serving the botnet numbered just below 100,000. The next day, its bot count reached 152,000. This total then fluctuated before settling back down to around 100,000 compromised machines.

According to Malwarebytes’ analysis, the majority of these infected computers are located in the Asia Pacific region. Meanwhile, most of the bots found in the Americas were located in Peru and Brazil.

Earlier in April, Malwarebytes observed attackers using two campaigns to drop ElectrumDoSMiner, the malware that is helping to fuel this botnet. One of those operations involved the RIG exploit kit, while the other used the Smoke Loader malware downloader. Even so, the security firm’s more recent report revealed that threat actors are also now using a previously undocumented loader called Trojan.BeamWinHTTP to help distribute ElectrumDoSMiner.

Putting the Electrum Attacks Into Context

This DDoS botnet is part of an ongoing assault against owners of Electrum bitcoin wallets. As reported by ZDNet, the siege began back in December 2018 when bad actors tricked users into installing a malicious wallet update by exploiting a flaw in Electrum’s software. Attackers then used this fake fix to steal more than 200 bitcoin from affected users in the matter of a week. In total, these actors have stolen the bitcoin equivalent of approximately $4.6 million as of Malwarebytes’ latest report.

In February, Electrum’s developers fought back by exploiting the same flaw to redirect users to install a patched version of the Electrum software. It was this move that likely prompted attackers to retaliate by launching the botnet and targeting Electrum’s servers, as Malwarebytes posited in its mid-April article. These DDoS attacks effectively overwhelmed Electrum’s legitimate nodes so that users had no choice but to connect to the malicious ones.

How to Defend Against a DDoS Botnet

Security professionals can help their organizations defend against a DDoS botnet by creating a secure perimeter around their cloud infrastructure. This perimeter should consist of next-generation firewalls, DDoS traffic scrubbing and anomaly detection. Security teams should also consider enlisting the help of artificial intelligence to improve their organization’s anti-malware defenses and their own effectiveness.

 |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature