«Latest  ‹Forward   News item: 7196  Back›  Oldest» 

150.000 hacked Internet-of-Things gadgets used to launch mega-scale attack on Internet provider
France Created: 28 Sep 2016
Last week, the hosting provider OVH faced 1Tbps Distributed Denial-of-Service (DDoS) attack, likely the largest one ever seen.

The OVH founder and CTO Octave Klaba reported the 1Tbps DDoS attack on Twitter sharing an image that lists the multiple sources of the attack.

“Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the simultaneous DDoS are close to 1Tbps !” said Klaba.

Klaba explained that the servers of its company were hit by multiple attacks exceeding 100 Gbps simultaneously concurring at 1 Tbps DDoS attack. One of the attacks documented by the OVH reached 93 MMps and 799 Gbps.

Klaba speculated the attackers used an IoT botnet [botnet=hacked devices abused for spamming, DDos etc.] composed also of compromised CCTV cameras.

Now Klaba added further information on the powerful DDoS attacks, the CTO of the OVH claimed that the botnet used by attackers is powered by more than 150,000 Internet of Things (IoT) devices, including cameras and DVRs.

The overall botnet is capable of launching attacks that exceed 1.5 Tbps.

The bad news for the OVH company is that attacks are still ongoing and the size of the botnet is increasing.

“+6857 new cameras participated in the DDoS last 48H.” added Klaba.

The company was targeted by various types of traffic, including Generic Routing Encapsulation (GRE) traffic, a novelty in the DDoS landscape.
Unfortunately, such kind of DDoS attacks will be even more frequent, it is too easy for hackers gain control of poorly configured, or vulnerable, IoT devices.

Last week experts observed another massive DDoS that targeted the website of the popular cyber security expert Brian Krebs. Krebsonsecurity was targeted by a DDoS attack of 665 Gbps.

The attacks against OVH and Krebsonsecurity are the largest ones reported so far.
Click here to view the source article.
Source: Securityaffairs, Pierluigi Paganini, 27 Sep 2016

«Latest  ‹Forward   News item: 7196  Back›  Oldest»