Lizard Squad Linked to Mirai Botnet

February 6, 2018

Researchers have noted collaboration between the hacking groups responsible for some of the most notorious cyberattacks in recent history—Lizard Squad and the authors of Mirai. Lizard Squad gained fame through highly publicized distributed denial-of-service (DDoS) attacks, including those that disrupted the Sony PlayStation and Xbox Live networks and the Malaysia Airlines website. Mirai, considered to be the most disruptive cyberattack of its kind to date, leveraged hundreds of thousands of compromised IoT devices to launch sustained DDoS attacks. The trail of evidence tying Lizard Squad to the authors of the Mirai botnet includes the timing of attacks following high-profile arrests, the use of the same foreign hosting provider, and references to each other on their group websites.

“Despite the courageous efforts of our law enforcement agencies to identify and tear down various hacking groups, the collaboration between groups makes it extremely difficult to completely shut down their efforts for good,” said Xu Zou, CEO and co-founder, ZingBox. “Arrests of high-profile members and founders of such groups certainly slows down their momentum, but organizations can’t take their foot off the gas when it comes to being vigilant about the security of their network.”

To make matters worse, despite the arrests of high-profile members and founders of Lizard Squad, evidence suggests the group is alive and well, continuing its cybercriminal activities under the guise of BigBotPein. ZingBox security researchers investigated a domain associated with a Mirai-based malware campaign in late 2017 and traced it back to BigBotPein; the domain was registered by an individual associated with Lizard Squad. Other evidence includes the simultaneous rerouting of both BigBotPein and Lizard Squad domains to a US-based ISP, and the use of the same code obfuscation techniques in malware distributed by both groups.

“The only way to effectively combat modern cyberattacks is to truly understand the source of the threats. Being able to pinpoint the hacking group allows for a much more effective security response,” said Zou. “Responding to an individual attack in a silo and then moving on to address the next attack puts organizations in a forever reactive mode. Threat intelligence profiling the attackers—understanding their modus operandi, method of infection, obfuscation techniques, method of data exfiltration, and so on—enables organizations to better secure their assets for the long haul. Coupling threat intelligence and the latest deep learning techniques makes it possible to perform the analysis required to combat modern threats.”

Copyright © 2002 - 2018 CONSTITUENTWORKS SM CORPORATION. All rights reserved.