The largest Distributed "Denial of Service attack" (DoS) ever delivered by botnet
The largest Distributed "Denial of Service attack" (DoS) ever delivered by a botnet composed of compromised IoT devices
Securing the internet of things should become a major priority now that an army of compromised devices – perhaps 1 million strong - has swamped one of the industry’s top distributed denial-of-service protection services.
A giant botnet made up of hijacked internet-connected things like cameras, lightbulbs, and thermostats has launched the largest DDoS attack ever against a top security blogger, an attack so big Akamai had to cancel his account because defending it ate up too many resources.
It wasn’t that Akamai couldn’t mitigate the attack – it did so for three days – but doing so became too costly, so the company made a business decision to cut the affected customer loose, says Andy Ellis the company’s chief security officer.
The delivery network has dropped protection for the Krebs on Security blog written by Brian Krebs after an attack delivering 665Gbps of traffic overwhelmed his site Tuesday. The size of the attack was nearly double that of any Akamai had seen before.
An IoT botnet generating this much traffic is a bellwether event that Ellis says will take some time to analyze to come up with more efficient mitigation tools.
Its impact is similar to the 2010 attacks by Anonymous using the open source, low-orbit ion cannon tool, or the 2014 DDoS attacks launched from compromised Joomla and WordPress servers, he says.
The lesson for enterprises is that the DDoS protections they have in place need to be tweaked to handle higher attack volumes, he says.