September 30, 2016

CCTV Botnet-Led Cyberattack brings Record 1.5Tbps DDoS Attack

In what is easily the largest recorded DDoS attack ever, a botnet of some 145,000 IoT (internet-of-things) devices and CCTV cameras was used to target a data hosting company with a 1.5 Terabyte DDoS attack.

DDoS attacks are among the most menacing cyberattacks, capable of crippling cybersecurity defenses before taking down internet infrastructure. Alarmingly, the attacks are only getting more powerful and sophisticated by the day.

Attackers are roping in devices including routers, security cameras, webcams and other ‘IoT’ devices to do their bidding, and now a fleet of cameras and other devices has targeted French data hosting provider OVH with a massive 1.5Tbps attack.

Fundamentally, a DDoS attack floods a network resource with excessive internet traffic from a barrage of IP addresses, all trying to access the resource at the same time.

In this instance, OVH chief technology officer Octave Klaba revealed that 145,607 hosted cameras were used in the attack. The botnet army inundated OVH with the equivalent traffic of 30Mbps for every IP, peaking beyond 1.5Tbps overall.

In a post on social media, Klaba said:

> This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn.
>
> — Octave Klaba / Oles (@olesovhcom) September 23, 2016

Since then, the executive has revealed that the DDoS attack has only scaled further with additional IoT devices added to the swarm.

On Monday, Klaba wrote:

> +6857 new cameras participated in the DDoS last 48H.

On Thursday, he revealed an update, with more CCTV cameras joining the crowd.

> +15654 new cctv participated in the DDoS last 48H.

Finally, early on Friday morning, Klaba pointed to other IoT devices such as cable and DSL modems joining the fray.

> +18000 new cctv participated in the DDoS last 24H. Thanks for the “dynamic IP address” with xDSL/Cable/FTTH ..

The attacks go to show that everyday devices including routers, DVRs and other internet-enabled devices are easily compromised by attackers, without the knowledge of device owners. It could get a lot worse, according to DDoS mitigation and tech giant Akamai’s security intelligence executive Martin McKeay:

“It’s getting huge,” Akamai’s McKeay said, speaking to ArsTechnica. “You’re going to see brownouts, sections where a data center, an ISP, a region, may have so much traffic that it takes down that region.”


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
