WHY THIS MATTERS IN BRIEF
- Botnets are exploiting security vulnerabilities in the Internet of Everything devices to launch the world’s largest DDoS attacks
Hot on the heels of the news that someone might be trying to take down the entire internet, earlier this week hosting provider OVH was overwhelmed by what is thought to be the world’s largest ever DDoS attack – a 1Tbps attack launched by a botnet comprised of at least 150,000 internet of Everything (IOE) devices and once confirmed it will beat the next largest DDoS attack by a factor of three.
OVH founder and CTO Octave Klaba reported the 1Tbps DDoS attack on Twitter sharing an image that lists the multiple sources of the attack.
“Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the simultaneous DDoS are close to 1Tbps !” said Klaba.
Klaba explained that the servers of its company were hit by multiple attacks exceeding 100 Gbps simultaneously concurring at 1 Tbps DDoS attack. One of the attacks documented by the OVH reached 93 MMps and 799 Gbps, and they are still getting larger.
Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the
simultaneous DDoS are close to 1Tbps ! pic.twitter.com/XmlwAU9JZ6
— Octave Klaba / Oles (@olesovhcom) September 22, 2016
Klaba speculated the attackers used an IoT botnet composed of CCTV cameras and DVRs and at first look it seems that the botnet is capable of launching attacks that exceed 1.5 Tbps.
“Over 6,857 new cameras participated in the DDoS last 48 hours,” said Klaba.
The company was targeted by various types of traffic, including Generic Routing Encapsulation (GRE) traffic, a novelty in the DDoS landscape. But unfortunately, such kind of DDoS attacks are likely to become even more frequent because it is too easy for hackers gain control of poorly configured, or vulnerable, IoE devices.
Last week experts observed another massive DDoS that targeted the website of the popular cyber security expert Brian Krebs which was subjected to a 665Gbps DDoS attack and both are by far the largest attacks we’ve seen so far.
Expect more to come.