An unprecedented and massive DDOS attack was detected by the founder of OVH; the source is a large botnet of compromised IoT (Internet of Things) devices.
The Largest Ever Reported DDOS Attack Carried out by Hacked IoT Devices
Security researchers, journalists, and computer experts have warned everyone that everyone should be very careful about using IoT devices with weak security. Now we have witnessed the what a massive botnet can do.
The founder and CTO of the French hosting company OVH Octave Klaba have posted on Twitter that his company was targeted with two concurrent DDOS attacks. Their combined bandwidth reached almost one terabit per second, and one of the two attacks peaked at 799 Gbps. This is the largest attack of this type that has ever been reported.
The attackers targeted Minecraft servers hosted on OVH’s network, and the source was identified as a massive botnet comprising of 145 607 compromised IoT DVR and IP camera appliances.
This botnet is capable of generating traffic of 1 Mbps to 30 Mbps from every IP address, making the total damage potential that could exceed 1.5 Tbps. The botnet attack was almost twice the size of the largest attack Akamai has reported.
Security reports continue to indicate that insecure IoT appliances continue to be compromised by malicious users worldwide. Its relatively easy to recruit them to botnets and they are highly effective against specified targets because of the large geographical distribution.
The majority of hacked devices are caused by administration neglect and not by specific software security vulnerabilities. The lack of good security policies and inadequate operation leads to attacks such as the one against OVH.
And unfortunately, botnets like this one will continue to grow and pose as a danger to even the most hardened networks on the Internet. As every IoT device can potentially become a bot in large networks, system and security administrators should continue to educate businesses, individuals and agencies about the serious state of IoT (in)security.