Security researchers detected a previously undocumented botnet named Gucci, which is capable of launching multiple types of distributed denial-of-service (DDoS) attacks against targeted organizations.

In an email exchange with SecurityWeek, SecNiche Security Labs researchers Aditya K Sood and Rohit Bansal analyzed the internet of things (IoT) threat’s binaries and observed that the Gucci botnet was targeting ARM, x86, MIPS, PPC, M68K and other architectures. This investigation revealed that a server located in the Netherlands was distributing the obfuscated binaries. It also showed that bad actors had stripped all the debug symbols from the binaries, thereby reducing their overall size.

After discovering that each Gucci bot was attempting to connect to a remote IP address on TCP port 5555, Sood and Bansal used automation to authenticate themselves and thereby gain access to the threat’s command-and-control (C&C) panel. They then uncovered that anyone with access to the panel could use the threat to conduct a variety of DDoS attacks, including UDP flood, SYN flood, ACK flood, UDP flood with less protocol options and GRE IP flood. Not long thereafter, however, those operating the botnet discovered the compromise and removed the TCP service from the host.

Not the Only IoT Threat to Recently Emerge

The Gucci botnet isn’t the only IoT-based threat of its kind to emerge in 2019. Back in March, Trend Micro discovered a new Mirai variant targeting smart TVs and wireless presentation systems commonly used by businesses. A couple months later, WootCloud spotted the Ares ADB botnet going after Android-based IoT devices such as set top boxes (STBs) and TVs. Most recently, in June, ZDNet learned of Silex, malware that wipes the firmware of infected IoT devices.

How to Defend Against the Gucci Botnet

Security professionals can help their organizations defend against the Gucci botnet by implementing security by design at the earliest stages of any and all IoT projects. This includes using a layered approach with IoT devices and disconnecting any build projects from public networks. Companies should also consider enlisting the help of a third party to help prevent a DDoS attack launched by an IoT botnet.

More from

How to Spot a Nefarious Cryptocurrency Platform

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

Are Threat Actors Using ChatGPT to Hack Your Network?

Though the technology has only been widely available for a couple of months, everyone is talking about ChatGPT. If you are one of the few people unfamiliar with ChatGPT, it is an OpenAI language model with the “ability to generate human-like text responses to prompts.” It could be a game-changer wherever AI meshes with human interaction, like chatbots. Some are even using it to build editorial content. But, as with any popular technology, what makes it great can also make…

Why Crowdsourced Security is Devastating to Threat Actors

Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcomed emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one a week. Phishing emails come in waves — right now, I’m getting daily warnings that my AV software license is about to expire. Blocking or filtering has limited success and, as often as not, flags wanted rather than unwanted messages.…

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen. Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper…