Jérôme Meyer
@jmeyer.infosec.exchange.ap.brid.gy
Security research at Nokia Deepfield (he/they).

EN/FR posts | Fan of Crocker’s Rules, art, and the Oxford comma.

[bridged from https://infosec.exchange/@jmeyer on the fediverse by https://fed.brid.gy/ ]
Reposted by Jérôme Meyer
New from @greynoise Labs: IP Check — a free tool to see if the network you're on has been compromised.

Residential proxy networks & IoT botnets are turning home & small biz connections into attack infrastructure. Most folks have no idea it's happening.

Visit check.labs.greynoise.io from any […]
Original post on mastodon.social
November 25, 2025 at 8:09 PM
Reposted by Jérôme Meyer
New, by me: Is your Android TV streaming box part of a botnet?

"On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and […]

[Original post on infosec.exchange]
November 24, 2025 at 7:13 PM
Good job everyone, we solved the DDoS-for-hire problem!
November 18, 2025 at 1:38 PM
Reposted by Jérôme Meyer
This commentary by Lawrence Stowe nails it on why sanctioning bulletproof hosting providers doesn't work unless you also revoke their network resources at the same time (or preferably before sanctions are announced/leaked) […]
Original post on infosec.exchange
November 7, 2025 at 4:59 PM
Reposted by Jérôme Meyer
New, by me: Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and […]

[Original post on infosec.exchange]
October 29, 2025 at 2:57 AM
My latest on the Nokia blog: why we (collectively) need to do more on outbound DDoS suppression, and build more resilient networks (and, yes, avoid further centralization of internet traffic).

The attack peak values we’ve been seeing these past couple of months (particularly from #aisuru) now […]
Original post on infosec.exchange
October 23, 2025 at 12:26 PM
Tallinn fall
October 12, 2025 at 3:43 PM
Reposted by Jérôme Meyer
New, by me: DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast […]

[Original post on infosec.exchange]
October 10, 2025 at 4:43 PM
September 28, 2025 at 6:55 PM
Cloudflare now seeing yet-another record, at >22 Tbps. Only 40 seconds so quite likely to be a power proof / marketing material for the #DDoS-for-hire service operators; but we have a serious botnet centralization issue on our hands.

https://x.com/Cloudflare/status/1970244046946759024 […]
Original post on infosec.exchange
September 23, 2025 at 3:39 AM
100M+ proxy IP sounds promising (and in line with our own estimates of the aggregated resi proxy pool out there), so looking forward to digging into the data.
https://mastodon.social/@campuscodi/115203160932306706
Catalin Cimpanu (@campuscodi@mastodon.social)
Security firm Synthient has launched a free-to-use and searchable online database of known proxy IPs https://synthient.com/blog/synthient-ip-risk-database
September 15, 2025 at 7:22 AM
Banger of an update by @xlab_qax on #aisuru / #airashi, confirming a few things we were observing from network telemetry and breaking a bunch of new interesting details:
- ~300k bots, including ~100k Totolink routers compromised through exploitation of their update server
- Record at 12.1 Tbps
- […]
Original post on infosec.exchange
September 15, 2025 at 6:30 AM
Reposted by Jérôme Meyer
The call for proposals for #botconf2026 has been published. You have until January 2nd 2026 to send your submissions

https://www.botconf.eu/call-for-proposals/
Call for proposals – Botconf 2026
September 11, 2025 at 2:10 PM
#airashi has been blasting some multi Tbps / Gpps floods to US networks + EU cloud yesterday; nothing very subtle about it.

This is just one example; there were many more. In addition to the usual compromised IoT devices sending that traffic (a few tens of […]

[Original post on infosec.exchange]
September 2, 2025 at 5:22 AM
Reposted by Jérôme Meyer
The number of websites lacking proper RSS/Atom feeds is too damn high.

#rss #web #atom
July 3, 2025 at 6:56 AM
Supposed to be enjoying a week off skiing, but the X DDoS-related outage brought me back a bit.

Hint: that attack has been botnet-driven.
March 10, 2025 at 8:50 PM