Giant Webcam Botnet Unleashes Record DDoS Attacks: What You Need to Know
Hold on to your hats, folks! We've got a serious internet security situation brewing. A massive botnet, dubbed Eleven11bot, has been discovered, and it's packing some serious heat. We're talking potentially the largest denial-of-service (DDoS) attack ever witnessed, and it's all thanks to a network of compromised webcams and video recorders.
What is Eleven11bot?
This nasty piece of work was first spotted by Nokia's Deepfield Emergency Response Team in late February. They noticed a surge in "hyper-volumetric attacks" originating from a huge number of scattered IP addresses. In layman's terms, Eleven11bot is like a digital flood, overwhelming its targets with so much data that they simply can't function.
How Big Are We Talking?
Estimates vary, but we're potentially looking at tens of thousands of compromised devices. Initial reports suggested around 30,000, but some researchers believe the number could be even higher. What's particularly alarming is that many of these devices have never been associated with DDoS attacks before.
Record-Breaking Attacks
Eleven11bot isn't just big; it's powerful. Nokia recorded an attack peaking at a staggering 6.5 terabits per second (Tbps) on February 27th. To put that in perspective, the previous record was 5.6 Tbps. This botnet is pushing the boundaries of what's possible in the world of DDoS attacks.
Who's Being Targeted?
The botnet is not picky, hitting communications service providers and gaming hosting infrastructure. It uses different attack vectors, flooding connections with data or overwhelming them with too many data packets. This can cause service outages lasting for days.
Where Are These Infected Devices Located?
The US appears to be the hotspot, accounting for the largest percentage of infected IP addresses (around 24%). Taiwan comes in second (around 18%), followed by the UK (around 7%).
The Mirai Connection
Security experts believe Eleven11bot is likely a variant of Mirai, a notorious malware family that targets IoT devices like webcams. Mirai made headlines in 2016 when it launched massive DDoS attacks, even taking down KrebsOnSecurity. The Mirai source code was later released, making it easier for others to create similar botnets. This new variant seems to be exploiting vulnerabilities in TVT-NVMS 9000 digital video recorders.
Conflicting Numbers
There's some debate about the exact size of Eleven11bot. While Nokia initially reported 30,000 devices, others have suggested higher or lower numbers. The discrepancies may stem from how infected devices are identified and the sharing of device information.
What Can You Do to Protect Yourself?
This is where you come in. You have a role to play in stopping botnets like Eleven11bot. Here are some crucial steps you can take to protect your IoT devices and prevent them from being weaponized:
- Firewall First: Always place your IoT devices behind a router or firewall to shield them from direct exposure to the internet.
- Remote Access Restrictions: Only enable remote administration when absolutely necessary, and disable it when you're not using it.
- Strong Passwords Are Key: Use strong, unique passwords for each of your devices. Don't rely on the default passwords that come with the device.
- Keep Your Devices Updated: Install security patches as soon as they become available. Manufacturers often release updates to fix vulnerabilities that botnets can exploit.
By taking these precautions, you can help protect yourself and make the internet a safer place for everyone. Stay safe out there!
Source: Wired