Attackers Combine Three Botnets to Launch Massive DDoS Attack.
Crooks use a botnet of CCTV cameras, one of home routers, and one made up of compromised web servers

An unnamed website has been at the receiving end of a ferocious Layer 7 DDoS attack that involved traffic from over 47,000 distinct IP addresses, most of which belonged to IoT (CCTV) devices, home routers, and compromised Linux servers.

Sucuri, a US web security vendor who was called in to mitigate the incident, says the attack reached a whopping 120,000 requests per second, and that the attacker used a flood of HTTPS packets in order to maximize resource consumption on the target's machines.

Most of the DDoS traffic came from hijacked CCTV systems

After the attack had subsided, Sucuri experts who were investigating the incident discovered that the DDoS traffic didn't come from a single source; instead, the attacker had combined (possibly rented) three distinct botnets.

The company was well aware of one of the botnets, which they previously discovered at the end of June.

This was a 25,000-strong botnet assembled after compromising Internet-connected CCTV devices from different vendors, most of which were running firmware made by Chinese firm TVT.

The group behind this recent DDoS attack wasn't content with the capabilities provided by this botnet and had also created/rented another botnet to help their efforts.

A quarter of the traffic also came from compromised home routers

According to Sucuri, the group was controlling another botnet comprised of 11,767 home routers from eight major industry brands.

The attackers had managed to take control over these devices by using various firmware vulnerabilities or by hijacking the routers for which device owners didn't change the default admin panel password.

Compromised Huawei routers made up more than half of this botnet, with 6,015 devices, almost 51 percent of the entire botnet. Second came Mikro RouterOS (2,119 devices - 18 percent), then AirOS routers (245 routers), followed by NuCom 11N Wireless Routers, Dell SonicWall, VodaFone, Netgear, and Cisco.


For more visit: http://news.softpedia.com/news/attackers...7901.shtml