What are GoldBrute attacks and why should you care?

We are two weeks into the month of June and it is not looking good for servers. Last month, the theme of security threats was routers, but servers are getting the short end of the stick this month. Exim, the mail transfer agent behind many e-mail servers, had its own security issues, but I’m sure its maintainers are thankful for the newer threats, since their story pales in comparison.

One of these recent threats is GoldBrute, a brute-force botnet that has already targeted 1.6 million RDP servers across the globe.

What even is a botnet?  An RDP server?  Where did GoldBrute come from?

1. What is a Botnet?

In nature, certain creatures such as bees and ants can act as one collective being.  If the queen instructs the army of bees to perform a task, hundreds and thousands of individuals will follow suit. This type of group thinking and centralized control is known as a “hive mind”.

A botnet is the same. It, too, has a hive mind.

To create a botnet, a hacker will infect multiple computers or servers with malware that is designed to give the hacker control of each device.  When the hacker has gained control of the devices, he will set each device to act as one entity for one task.

For example, a hacker may use 20 computers to send the same spam message to different e-mail addresses.  Or, for our current situation, use the botnet to try to hack more than half a million servers. 

RDP servers, to be exact. And now it’s time for me to move into the second educational lesson.

2. RDP Servers

RDP, which stands for Remote Desktop Protocol, allows a machine to be accessed remotely from a different location.  Of course, this type of tech requires one or more servers to use, so what happens when these servers are hacked?

Let’s see, a botnet is a system where multiple computers can be remotely accessed to perform one, usually illegal, task.  RDP allows remote access to devices, so…oh.  That’s why.

If you have RDP servers under your botnet command, that would be a huge win for you, if you’re the hacker of course.

3. What about GoldBrute?

GoldBrute is the biggest epidemic that servers are facing right now.  Over 1.6 million RDP servers have been targeted, but 2.4 million have been exposed.  That’s right, GoldBrute is just getting started.

GoldBrute works by using a brute-force method.  When GoldBrute is put on a machine, the machine will attempt to download a sizeable 80MB file that contains a Java executable.  Once the executable is run, a bot in the botnet will proceed to scan through IP addresses in the search for an RDP endpoint. 

Once found, the bot will proceed to start a brute-force attack, attempting multiple passwords and usernames over and over until it gets both right.

GoldBrute has proven to be very effective, thanks to its technique of trying only one password per machine and then moving on until later, so as not to trigger any defense mechanisms on a network.
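Because each bot tries so few credentials per machine, a rule that counts failures per source address stays silent. The added example below (not from the original article) contrasts that rule with one that counts distinct sources failing against the same server; the event records are constructed sample data standing in for parsed failed-logon entries, and the thresholds are assumptions to tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (timestamp, source IP, target host, username).
# Stands in for parsed failed-logon records (e.g. Windows Event ID 4625).
BASE = datetime(2019, 6, 10, 3, 0, 0)
EVENTS = [
    # 12 different bots, each trying exactly one credential against rdp-01
    *[(BASE + timedelta(minutes=4 * i), f"198.51.100.{10 + i}", "rdp-01", "administrator")
      for i in range(12)],
    # One user mistyping a password three times against rdp-02
    *[(BASE + timedelta(minutes=i), "192.0.2.7", "rdp-02", "alice") for i in range(3)],
]

def per_source_alerts(events, threshold=5):
    """Classic lockout-style rule: flag a source with >= threshold failures."""
    counts = defaultdict(int)
    for _, src, _, _ in events:
        counts[src] += 1
    return sorted(src for src, n in counts.items() if n >= threshold)

def distributed_alerts(events, window=timedelta(hours=1), min_sources=8):
    """Flag a target when many distinct sources fail against it within a window."""
    by_target = defaultdict(list)
    for ts, src, target, _ in sorted(events):
        by_target[target].append((ts, src))
    alerts = {}
    for target, rows in by_target.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            sources = {src for _, src in rows[start:end + 1]}
            if len(sources) >= min_sources:
                alerts[target] = max(alerts.get(target, 0), len(sources))
    return alerts

if __name__ == "__main__":
    print("per-source rule:", per_source_alerts(EVENTS))
    print("distinct-source rule:", distributed_alerts(EVENTS))
```

The per-source rule reports nothing for this data, while the distinct-source rule flags rdp-01 and leaves the mistyping user on rdp-02 alone.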

As I said earlier, servers have pretty much gotten the short end of the stick this month, but GoldBrute is on a whole other level.  BlueKeep, a vulnerability in RDP servers, is also bad, but GoldBrute has hit a scale that we haven’t seen in a while.

GoldBrute has actually become so popular among hackers that a recent study shows that, in the past week, 96% of RDP server attacks are brute-force attacks versus the 3.4% that are taking advantage of the BlueKeep exploit.  If that’s not a sign of a successful hack, I don’t know what is.  Though, I guess I’d prefer the alternative of never knowing this exploit existed so I could sleep peacefully.  Ignorance is bliss after all.
