IoT devices such as IP cameras, routers and digital video recorders are now prominently employed by hackers to launch massive DDoS (distributed denial of service) attacks.
How massive? 1 Terabit per second.
Logs showing simultaneous large-scale DDoS attacks using IoT devices were shared via Twitter by Octave Klaba, chief technology officer and co-founder of OVH, a hosting provider. One of the two highlighted attacks peaked at 799 Gbps (gigabits per second), which is now believed to be the biggest DDoS attack in history, at least among reported cases.
The DDoS attacks targeted Minecraft servers hosted by OVH.
According to Klaba's reported statistics, the botnet used for the attacks has a total of 181,116 IoT devices. The number includes Klaba's update on Thursday, Sept. 29, which revealed the addition of 18,000 CCTV cameras.
A botnet is a pool of connected devices that are infected by malicious software and can be remotely controlled by hackers. Devices within the botnet can send transmissions to other devices without the device owner's knowledge.
With speeds of 1-30 Mbps per IP, a botnet involving almost 150,000 IoT devices is capable of sending over 1.5 Tbps of traffic, says Klaba.
IoT Devices Botnet Takes Down KrebsOnSecurity
Prior to the OVH attacks, a DDoS attack from a botnet that also enslaved IoT devices took down KrebsOnSecurity, a security news portal run by former Washington Post reporter Brian Krebs.
Krebs details that the attack began on Sept. 20 at around 8 p.m. EST. Analysis of the cyber assault revealed that the attack traffic peaked at 620 Gbps. Akamai, which handled KrebsOnSecurity.com's DDoS protection at the time of the attack, says that it's the largest attack it has experienced and almost doubles the prior record of 363 Gbps.
"Seeing that much attack coming from GRE [generic routing encapsulation] is really unusual," says Martin McKeay, Akamai senior security advocate. "We've only started seeing that recently, but seeing it at this volume is very new."
McKeay noted that the traffic from attacking systems was not isolated to just one region or a small subset of networks. "They were everywhere," he added.
As a result of the large-scale DDoS attack, Akamai had KrebsOnSecurity.com migrate to another provider. Akamai's executives reasoned that sustained attacks of such magnitude would cost the company millions.
KrebsOnSecurity.com is currently functioning under the protection of Project Shield, which protects independent news sites from DDoS attacks.