CCTV Botnet-Led Cyberattack brings Record 1.5Tbps DDoS Attack


In what is easily the largest recorded DDoS attack ever, a botnet of some 145,000 IoT (internet-of-things) devices and CCTV cameras was used to target a data hosting company with a 1.5 Terabyte DDoS attack.

DDoS attacks are among the most menacing cyberattacks, capable of crippling cybersecurity defenses before taking down internet infrastructure. Alarmingly, the attacks are only getting more powerful and sophisticated by the day.

Attackers are roping in devices including routers, security cameras, webcams and other ‘IoT’ devices to do their bidding and now, a fleet of cameras and other devices has targeted French data hosting provider OVH with a massive 1.5Tbps attack.

Fundamentally, a DDoS attack floods a network resource with excessive internet traffic from a barrage of IP addresses, all trying to access the resource at the same time.

In this instance, OVH chief technology officer Octave Klaba revealed that 145,607 hosted cameras were used in the attack. The botnet army inundated OVH with the equivalent traffic of 30Mbps for every IP, peaking beyond 1.5Tbps overall.

In a post on social media, Klaba said:

> This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn.
>
> — Octave Klaba / Oles (@olesovhcom) September 23, 2016
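
As an added illustration (not from the original article or from OVH), the Python below tallies flow records aimed at one target by the three flag patterns Klaba names and by per-source rate. The flow-record layout, the 203.0.113.0/24 sample sources and the 50 Mbps per-source limit are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10  # TCP flag bits

def flood_type(flags):
    """Map a TCP flags byte to the patterns named in the tweet, else 'other'."""
    core = flags & (FIN | SYN | RST | PSH | ACK)  # ignore URG/ECE/CWR
    if core == SYN:
        return "tcp/syn"
    if core == ACK:
        return "tcp/ack"
    if core == (ACK | PSH):
        return "tcp/ack+psh"
    return "other"

def summarize(flows, window_s, per_source_limit_mbps):
    """flows: (src_ip, tcp_flags, byte_count) records toward one target,
    all observed within the same window of window_s seconds."""
    by_src, by_type = defaultdict(int), Counter()
    for src, flags, nbytes in flows:
        by_src[src] += nbytes
        by_type[flood_type(flags)] += nbytes
    mbps = {s: b * 8 / window_s / 1e6 for s, b in by_src.items()}
    all_bytes = sum(by_type.values())
    return {
        "sources": len(mbps),
        "total_mbps": sum(mbps.values()),
        "max_source_mbps": max(mbps.values(), default=0.0),
        "over_limit": sorted(s for s, r in mbps.items() if r > per_source_limit_mbps),
        "share_by_type": {t: b / all_bytes for t, b in by_type.items()},
    }

def avg_mbps_needed(total_tbps, devices):
    """Average per-device rate required to reach a given aggregate."""
    return total_tbps * 1e6 / devices

# Constructed sample: 200 sources, each sending 12.5 MB in a 10 s window
# (10 Mbps apiece), cycling through the three flag patterns.
PATTERNS = [SYN, ACK, ACK | PSH]
SAMPLE = [(f"203.0.113.{i + 1}", PATTERNS[i % 3], 12_500_000) for i in range(200)]

if __name__ == "__main__":
    report = summarize(SAMPLE, window_s=10, per_source_limit_mbps=50)
    for key, value in report.items():
        print(key, value)
    # Figures from the article: 1.5 Tbps across 145,607 devices
    print("avg Mbps per device:", round(avg_mbps_needed(1.5, 145607), 1))
```

On the sample, every source stays at 10 Mbps and under the per-source limit while the aggregate reaches 2 Gbps, which is why detection for this kind of flood keys on the aggregate toward the target and the flag mix rather than on any one sender.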

Since then, the executive has revealed that the DDoS attack has only scaled further with additional IoT devices added to the swarm.

On Monday, Klaba wrote:

> +6857 new cameras participated in the DDoS last 48H.

On Thursday, he posted an update, with more CCTV cameras joining the crowd.

> +15654 new cctv participated in the DDoS last 48H.

Finally, early on Friday morning, Klaba pointed to other IoT devices such as cable and DSL modems joining the fray.

> +18000 new cctv participated in the DDoS last 24H. Thanks for the “dynamic IP address” with xDSL/Cable/FTTH ..

The attacks go to show that everyday devices including routers, DVRs and other internet-enabled devices are easily compromised by attackers, without the knowledge of device owners. It could get a lot worse, according to DDoS mitigation and tech giant Akamai’s security intelligence executive Martin McKeay:

“It’s getting huge,” Akamai’s McKeay said, speaking to ArsTechnica. “You’re going to see brownouts, sections where a data center, an ISP, a region, may have so much traffic that it takes down that region.”

 Image credit: Pixabay.