Qualys Report Warns of Rapid Surge in Automated Botnet Attacks Targeting PHP Servers
Synopsis
- Cybersecurity experts report a growing wave of automated attacks against PHP servers, IoT devices, and cloud gateways.
- Botnets like Mirai, Gafgyt, and Mozi exploit known vulnerabilities and weak configurations.
- Debugging tools and API key exposures are key entry points for attackers.
- Scanning often originates from major cloud providers like AWS and Google Cloud.
- The AISURU botnet can launch DDoS attacks exceeding 20 terabits per second.
Cybersecurity researchers have raised alarm over a sharp increase in automated attacks targeting PHP servers, IoT devices, and cloud gateways. According to a report from Qualys’ Threat Research Unit, the spike is being driven by notorious botnets such as Mirai, Gafgyt, and Mozi, which exploit known vulnerabilities and insecure cloud setups to hijack exposed systems and expand their botnet infrastructure.
The report states that PHP servers are particularly at risk because of their widespread use in content management systems (CMS) like WordPress and Craft CMS. Many of these servers are vulnerable due to misconfigurations and outdated plugins, creating a vast attack surface for cybercriminals. Attackers have been seen using the query string /?XDEBUG_SESSION_START=phpstorm to initiate debugging sessions. If these sessions are inadvertently left active in production environments, they can enable unauthorized access and facilitate data extraction from sensitive systems.
Beyond debugging exploits, Qualys researchers found that attackers are actively searching for credentials, API keys, and access tokens on internet-exposed servers. The study also revealed that IoT devices are being exploited for their often weak security standards. The scanning activity behind these attacks frequently originates from large-scale cloud environments such as AWS and Google Cloud, demonstrating how cybercriminals leverage legitimate infrastructure to conceal their true identities and bypass detection systems.
Experts warn that even low-skill attackers are capable of inflicting serious damage thanks to the abundance of open-source exploitation kits and preconfigured botnet frameworks readily available online. These automated tools enable rapid deployment of attacks that can overwhelm networks and exfiltrate data without significant technical expertise.
To prevent such breaches, cybersecurity professionals recommend several key measures:
- Regularly updating all systems and dependencies.
- Removing development tools and debugging utilities from live production environments.
- Restricting public access to critical cloud assets.
- Implementing strong authentication and monitoring on exposed endpoints.
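The debugging-trigger abuse described above and the recommendation to monitor exposed endpoints both come down to the same practical question: can you see this scanning in your own web server logs? The following is an added example, not code from the article or from Qualys, that parses combined-format access log lines and groups two kinds of probes by source IP: requests carrying the XDEBUG_SESSION_START query parameter named in the report, and requests for a small set of credential-file paths (the paths in SECRET_PATHS are an assumption for illustration; the report does not list specific paths). The log lines are constructed sample data, not real traffic. Note the caveat in the comments: a 200 response to an XDEBUG_SESSION_START request only shows that the server accepted the request; whether a debug session actually started depends on whether Xdebug is loaded and configured to start on that trigger.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in Apache/Nginx combined format.
# These are not real traffic; the IPs are documentation-range addresses.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Nov/2025:08:01:22 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Nov/2025:08:01:23 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Nov/2025:08:02:05 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Nov/2025:08:02:40 +0000] "GET /wp-login.php?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 700 "-" "curl/8.0"
198.51.100.7 - - [12/Nov/2025:08:03:11 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Minimal combined-log regex: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Debug trigger parameter named in the Qualys report.
DEBUG_PARAMS = {"XDEBUG_SESSION_START"}
# Assumed (not taken from the report) paths that scanners commonly request
# when looking for exposed credentials or API keys.
SECRET_PATHS = {"/.env", "/.git/config", "/config.php.bak"}


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Return finding tags for one parsed request (empty list if benign)."""
    tags = []
    if DEBUG_PARAMS & set(rec["query"]):
        # A 200 here only means the server answered the request; an actual
        # debug session starts only if Xdebug is loaded and set to start on
        # this trigger. Either way the probe itself is worth recording.
        tags.append("xdebug-trigger")
    if rec["path"] in SECRET_PATHS:
        # Recorded regardless of status: a 404 still shows who is probing.
        tags.append("secret-file-probe")
    return tags


def scan(log_text):
    """Group findings by source IP so one scanner appears as one entity."""
    findings = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for tag in classify(rec):
            findings[rec["ip"]][tag] += 1
    return {ip: dict(counts) for ip, counts in findings.items()}


if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(ip, counts)
```

Feeding the constructed sample through scan() attributes both XDEBUG_SESSION_START requests and the /.env probe to the single scanning address, while the ordinary page views produce no findings. In production the same grouping makes it easy to alert on a source that crosses a threshold of distinct probe types within a short window. On the prevention side, the report's advice to remove debugging utilities from production maps directly onto Xdebug: the cleanest fix is to not load the extension on production hosts at all, so the trigger parameter has nothing to act on.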
The Qualys Threat Research Unit underscores that the growing sophistication of these botnets poses a global cybersecurity concern, particularly for businesses relying on outdated web servers or unmanaged cloud configurations.
This escalation in botnet capabilities aligns with recent findings by NETSCOUT, which has classified the AISURU botnet as a new generation of malware capable of delivering distributed denial-of-service (DDoS) attacks surpassing 20 terabits per second. Unlike earlier botnets that focused solely on flooding networks, AISURU integrates multiple functionalities, including the use of residential proxy networks to disguise malicious operations and facilitate large-scale abuse campaigns.
Cybersecurity analysts emphasize that the combination of cloud-based concealment, IoT exploitation, and high-speed DDoS capability marks a pivotal evolution in cybercrime infrastructure. They caution that without proactive patch management and network segmentation, organizations risk becoming unwilling participants in these botnet-driven attacks.
Source: Agencias / Softonic International – based on the report from Qualys Threat Research Unit and analysis by NETSCOUT.
About Qualys
Founded in 1999 and headquartered in Foster City, California, Qualys, Inc. is a global leader in cloud-based security and compliance solutions. The company provides continuous vulnerability management, policy compliance, web application scanning, and threat protection to enterprises and government organizations worldwide. Its Qualys Cloud Platform delivers real-time visibility into IT, cloud, and endpoint assets, helping organizations automate security operations and maintain compliance with regulatory standards.
Qualys’ Threat Research Unit (TRU) plays a critical role in identifying emerging cyber threats, analyzing exploits, and publishing reports that guide global cybersecurity practices. The company’s integrated suite of services supports vulnerability detection, risk prioritization, and remediation workflows across hybrid and multi-cloud environments. Trusted by thousands of organizations in more than 130 countries, Qualys continues to innovate in proactive security automation, leveraging artificial intelligence and advanced analytics to safeguard digital infrastructures against evolving cyberattacks.
Disclaimer
The information provided in this article is for general informational purposes only and is derived from publicly available sources. While every effort is made to ensure accuracy, we make no representations or warranties, express or implied, regarding the completeness, reliability, or validity of the content. This article does not assert or verify any claims about specific companies, individuals, or organizations. References to external reports, studies, or sources are for contextual purposes only and do not imply endorsement or confirmation of any specific allegations. Readers are advised to conduct their own due diligence and seek professional advice before making business or investment decisions. We disclaim any liability for losses or damages incurred as a result of reliance on the information provided.