“Spike” DDoS Toolkit Targets PCs, Servers, IoT Devices: Akamai

Akamai’s Prolexic Security Engineering and Response Team (PLXsert) has published a new threat advisory to warn enterprises of distributed denial-of-service (DDoS) attacks leveraging a toolkit dubbed “Spike.”

According to the Internet infrastructure company, the Spike DDoS Toolkit has been used in several attacks aimed at organizations in Asia and the United States. One of the attacks observed by PLXsert peaked at 215 Gbps and 150 Mpps.

The malware, which appears to have been developed by a China-based group, uses compromised machines to launch SYN floods, UDP floods, DNS query floods, and GET floods against targeted organizations.

While there are several threats capable of performing such attacks, Spike stands out because it can infect not only Windows machines, but also desktop and ARM-based devices running Linux. This means that the list of targeted machines includes not only PCs and servers, but also routers and Internet of Things (IoT) devices such as thermostats, fridges, lighting solutions and washers.

“The Spike DDoS toolkit contains components of a typical client-based botnet: a command and control (C2) panel, binary payloads for infection and DDoS payload builders. The C2 and the builders are Windows binaries for use by the malicious actor, while the infectious payloads were designed to target mainly Linux or other embedded devices,” PLXsert said in its advisory. “The ability of the Spike toolkit to generate an ARM-based payload suggests that the authors of such tools are targeting devices such as routers and IoT devices to expand their botnets for a post-PC era of botnet propagation.”

Pieces of malware that appear to be variants of this toolkit were analyzed earlier this year by Russian security firm Doctor Web. The company initially found only Linux versions of the malware, but in August it reported that one of the threats had been ported to Windows.

The toolkit sample analyzed by PLXsert came with a total of three payload builders: two for 32-bit and 64-bit Linux payloads, and one for 32-bit ARM executables.

“The introduction of a multi-platform DDoS toolkit such as the Spike DDoS toolkit indicates the direction that malicious actors are taking. The ARM payload for Linux could be used to target popular embedded devices, CPEs [customer premises equipment] and Internet of Things devices; at least the subset of those devices that can be exploited and on which remote code execution can be attained,” the advisory reads.

According to Akamai, the layer 3 DDoS attacks can be mitigated by implementing access control lists (ACLs). Organizations can defend themselves against the layer 7 GET flood with the aid of a Snort rule described in the advisory.
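The advisory's Snort rule is not reproduced in this article, but the layer 7 GET flood it targets can also be spotted on the web-server side from access logs alone. The following is an added example written for this article, not code from Akamai or the PLXsert advisory: it parses Common Log Format lines, counts GET requests per source IP in a sliding time window, and reports sources whose peak rate exceeds a threshold. The log format, the window length, the threshold and the sample log lines (including the IP addresses) are all assumptions constructed for the example.

```python
"""Rate-based GET flood detection over web-server access logs.

Added example, not part of the Akamai/PLXsert advisory. The log format
(Common Log Format), the sliding-window length, the request threshold and
the sample lines below are assumptions constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g.
# 203.0.113.5 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_get_flood(lines, window_seconds=10, threshold=50):
    """Return {ip: peak_count} for sources that issued more than `threshold`
    GET requests inside any `window_seconds` sliding window.

    Non-GET requests and unparsable lines are ignored; lines may arrive out
    of order because events are sorted by timestamp first.
    """
    events = [e for e in map(parse_line, lines) if e and e["method"] == "GET"]
    events.sort(key=lambda e: e["ts"])
    windows = defaultdict(deque)  # per-IP timestamps inside the current window
    offenders = {}
    for e in events:
        q = windows[e["ip"]]
        q.append(e["ts"])
        # Evict timestamps that have fallen out of the window.
        while (e["ts"] - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        if len(q) > threshold:
            offenders[e["ip"]] = max(offenders.get(e["ip"], 0), len(q))
    return offenders


def build_sample_log():
    """Constructed sample log: one source bursting GETs, one normal client,
    and one malformed line that the parser must skip."""
    base = datetime(2014, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
    lines = []
    for i in range(120):  # 120 GETs within four seconds from one source
        ts = (base + timedelta(seconds=i // 30)).strftime(TS_FMT)
        lines.append(f'203.0.113.5 - - [{ts}] "GET /index.php HTTP/1.1" 200 2326')
    for i in range(5):  # five GETs spread over a minute from a normal client
        ts = (base + timedelta(seconds=i * 12)).strftime(TS_FMT)
        lines.append(f'198.51.100.7 - - [{ts}] "GET /about.html HTTP/1.1" 200 512')
    lines.append("this line is not in Common Log Format")
    return lines


if __name__ == "__main__":
    for ip, peak in detect_get_flood(build_sample_log()).items():
        print(f"possible GET flood from {ip}: {peak} requests in one window")
```

The threshold and window should be tuned against a baseline of the site's normal traffic; a rate-only check like this catches a single noisy source but distributed floods of the kind described above, with many bots each staying under the per-IP threshold, require aggregate request-rate and upstream (ACL or scrubbing) controls as the advisory suggests.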

This isn’t the first time Akamai has warned enterprises of DDoS attacks leveraging Linux malware. In an advisory published earlier this month, the company detailed operations relying on Linux malware dubbed IptabLes and IptabLex, with one attack peaking at 119 Gbps bandwidth and 110 Mpps.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
