Leet Botnet Rivals Mirai With 650 Gbps DDoS Attack On CDN And Security Service Provider Incapsula

Large scale distributed denial of service (DDoS) attacks powered by thousands and sometimes millions of Internet of Things (IoT) devices that have been turned into a massive botnet is something that content delivery networks (CDNs) and service providers must be prepared for in 2017. Lest anyone thinks otherwise, yet another "huge DDoS" assault was reported before the end of this year, this time from Incapsula, which fended off the largest attack to date on its network.

With ten days to go before 2016 is in the rear view mirror (along with all of the celebrities it took), Incapsula found itself mitigating a DDoS attack that peaked at 650 gigabits per second, which is about 30Gbps more than the one that targeted the popular security blog KrebsOnSecurity in September. That incident caused the site's cloud service provider Akamai to no longer offer the blog's owner, Brian Krebs, free service.


In this case, the attack started at around 10:55 AM on December 21 and targeted several IPs in Incapsula's network. The CDN surmises that the attacker was not able to resole the IP address of his intended victim, which was masked by Incapsula's proxies, so he turned his attention to the CDN instead.

The first attacked lasted about 20 minutes and peaked at 400Gbps. After that failed to "make a dent," the attacker regrouped for another round and pelted the CDN with a larger botnet capable of generating 650Gbps of traffic and 150 million packets per second. That assault lasted 17 minutes and was "easily countered" as well.

"This was a fitting end to a year of huge DDoS assault, nasty new malware types and massive IoT botnets. What’s more, it showed exactly where things are heading next on the DDoS front. Spoiler alert: it’s about to get a lot worse," Incapsula stated.

Up to this point, all of the massive DDoS attacks in 2016 were associated with Mirai, the source code of which was released into the wild earlier this year. The attack on Incapsula appears to be different, coming from a new malware that the author labeled as "1337," or Leet.

Mirai alone was responsible for a 71 percent surge in global DDoS attacks, according to a recent report by Akamai. This is a problem that will grow even larger until device makers and consumers do a better job securing IoT devices.