Mysterious "LOVE" packet storms flood the internet since 2020
GreyNoise has been monitoring "Noise Storms" since January 2020, characterized by spoofed traffic and a "LOVE" ASCII string, targeting specific ISPs and emphasizing the need for advanced cybersecurity strategies.
Internet intelligence firm GreyNoise has been tracking unusual waves of internet traffic termed "Noise Storms" since January 2020, but the origin and purpose of these events remain unclear. These storms consist of spoofed traffic and are suspected to be related to covert communications, DDoS attack coordination, or malware command and control channels. A notable feature of the traffic is the inclusion of a "LOVE" ASCII string in ICMP packets, which adds to the mystery. The traffic primarily targets TCP connections, especially on port 443, and is directed towards specific internet service providers while avoiding others like Amazon Web Services. The characteristics of the traffic suggest a deliberate effort by a knowledgeable actor rather than a mere misconfiguration. GreyNoise has made packet captures available on GitHub, inviting cybersecurity researchers to assist in uncovering the true nature of these Noise Storms. The firm emphasizes the need for adaptive security strategies to address such unusual threats.
- GreyNoise has tracked "Noise Storms" since January 2020, with unknown origins.
- The traffic includes spoofed packets and features an ASCII "LOVE" string.
- The storms target specific ISPs and focus on TCP connections, particularly port 443.
- GreyNoise has published packet captures for researchers to analyze.
- The phenomenon highlights the need for advanced cybersecurity measures.
Related
The Rise of Packet Rate Attacks: When Core Routers Turn Evil
Packet rate attacks, a new trend in DDoS attacks, overload networking devices near the target. OVHcloud faced attacks exceeding 100 Mpps, some from MikroTik Routers, prompting enhanced protection measures.
Cloudflare reports almost 7% of internet traffic is malicious
Cloudflare's report highlights a rise in malicious internet traffic, driven by global events. It emphasizes the need for timely patching against new vulnerabilities, notes a surge in DDoS attacks, stresses API security, and warns about harmful bot traffic. Organizations are urged to adopt robust security measures.
FrostyGoop malware uses Modbus, threatens ICS systems worldwide
A new malware strain, "FrostyGoop," targets operational technology systems globally via Modbus TCP communications. An attack on a Ukrainian energy company caused a two-day heating outage, highlighting the need for enhanced network monitoring and security measures to protect critical infrastructure.
Threat Actor Abuses Cloudflare Tunnels to Deliver Rats
Proofpoint reported increased cybercriminal activity using Cloudflare Tunnels to deliver malware, particularly remote access trojans. Campaigns involve phishing emails and exploit temporary tunnels, necessitating adaptive cybersecurity defenses.
Hackers breach ISP to poison software updates with malware
A Chinese hacking group, StormBamboo, breached an ISP to inject malware into software updates, exploiting insecure mechanisms. They redirected requests to install malware on victims' devices, including a malicious Chrome extension.
https://github.com/GreyNoise-Intelligence/2024-09-noise-stor...
> The Time to Live (TTL) values, which dictate how long a packet stays on the network before it's discarded, are set between 120 and 200 to resemble realistic network hops.
Sounds like someone testing something nefarious.
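As an added example (my own code, not GreyNoise's tooling or anything from the published captures), the following triage routine takes raw IPv4 packets as bytes, the form a pcap reader would hand over, and tags the two traits the page attributes to the storms: the ASCII "LOVE" string inside ICMP payloads and TTL values in the 120-200 band, plus bare SYNs toward TCP/443. The flag names, the "both traits must match" rule, and all sample packets are my own constructions; only the marker string, the port and the TTL range come from the page.

```python
import struct
from collections import namedtuple

LOVE_MARKER = b"LOVE"          # ASCII string GreyNoise saw in the ICMP packets
TTL_LOW, TTL_HIGH = 120, 200   # TTL range quoted from the GreyNoise writeup
Verdict = namedtuple("Verdict", "proto ttl src flags")  # src is spoofed per the page

def ipv4_packet(proto, ttl, src, dst, payload):
    """Build a minimal IPv4 packet (constructed sample data, checksum left as 0)."""
    ip = lambda a: bytes(int(o) for o in a.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, proto, 0, ip(src), ip(dst))
    return header + payload

def classify(packet):
    """Return a Verdict for one raw IPv4 packet, or None if it is not IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    body = packet[ihl:]
    flags = []
    if TTL_LOW <= ttl <= TTL_HIGH:
        flags.append("ttl_in_storm_range")
    if proto == 1:      # ICMP: search past the 4-byte type/code/checksum header
        name = "icmp"
        if LOVE_MARKER in body[4:]:
            flags.append("icmp_love_marker")
    elif proto == 6 and len(body) >= 14:  # TCP: dst port at bytes 2..3, flags at 13
        name = "tcp"
        dport = struct.unpack("!H", body[2:4])[0]
        if dport == 443 and body[13] & 0x3F == 0x02:   # bare SYN toward 443
            flags.append("tcp443_syn")
    else:
        name = f"proto{proto}"
    return Verdict(name, ttl, src, tuple(flags))

def storm_like(packet):
    # Storm-like only when the TTL band AND a content/port sign both match,
    # so ordinary high-TTL traffic alone does not trip the rule (my heuristic).
    v = classify(packet)
    return v is not None and "ttl_in_storm_range" in v.flags and len(v.flags) > 1

# constructed samples: an ICMP echo carrying "LOVE" at TTL 150, and a normal
# TTL-64 SYN to 443 that should not be flagged
SAMPLE_STORM = ipv4_packet(1, 150, "198.51.100.7", "203.0.113.9",
                           b"\x08\x00\x00\x00\x00\x01\x00\x01" + LOVE_MARKER)
SAMPLE_BENIGN = ipv4_packet(6, 64, "192.0.2.10", "203.0.113.9",
                            struct.pack("!HHIIBBHHH", 51000, 443, 1, 0, 0x50, 0x02, 65535, 0, 0))
```

Because the sources are spoofed, the `src` field is only useful for grouping, not attribution; the TTL band on its own is common in normal traffic, which is why `storm_like` requires a second sign.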