CATEGORIES
home News

Latest IoT DDoS Attack Dwarfs Krebs Takedown At Nearly 1Tbps Driven By 150K Devices

by Brandon HillTuesday, September 27, 2016, 11:09 AM EDT
If you thought that the massive DDoS attack earlier this month on Brian Krebs’ security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried via network of over 152,000 IoT devices.

According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these types devices' network settings are improperly configured, which leaves them ripe for the picking for hackers that would love to use them to carry our destructive attacks.

ddos

Klaba originally stated that 145,607 devices made up the botnet, but recently confirmed that another 6,857 cameras joined in on the attack. The DDoS peaked at 990 Gbps on September 20th thanks to two concurrent attacks, and according to Klaba, the original botnet was capable of a 1.5 Tbps DDoS attack if each IP topped out at 30 Mbps.

And to think this massive DDoS campaign was directed at Minecraft servers that OHV was hosting.

The DDoS attack witnessed by KrebsOnSecurity peaked at 620 Gbps, and was destructive enough to cause Brian Krebs’ hosting company, Akamai, to drop him with only two hours’ notice. Krebs is thought to have been attacked due to his part in taking down the Israeli firm vDOS, which profits from initiating DDoS attacks on websites.

As for Akamai’s decision to give KrebsOnSecurity its walking papers, Krebs himself harnessed no ill will towards the company:

With that being said, there's a reason why many IoT devices become mindless zombies in global DDoS campaigns. "Most IoT malware targets non-PC embedded devices. Many are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features," wrote Symantec in a blog posting.

Symantec went on to provide a number of steps that you can take to protect your IoT device from being compromised by nefarious parties. These include using strong passwords for your devices and your home Wi-Fi network, avoiding default usernames (which makes it easier compromise a device), disabling services like Telnet and SSH, and making sure that your device has the latest firmware updates installed (among other things).

For a comprehensive look at what you can do to safeguard your devices, check out our article here.

Tags:  DDoS, IoT, krebsonsecurity, brian krebs
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment