Internet’s largest 1Tbps DDoS Attack was conducted using 145k hacked cameras

Thousands of Hacked Cameras, DVRs and IoT devices responsible for Biggest DDoS Attacks till date.

Previously we informed you that KrebsOnSecurity, a security news blog, went offline for over a day due to a 665 Gbps distributed denial of service (DDoS) attack. This attack is being touted as the biggest and record-breaking attack so far. Investigations into the matter suggested that various Internet of Things (IoT) devices, infected routers and hacked security cameras were responsible for the huge attack.

But that was what happened last week, the latest news is that another website has been attacked with a mind-blowing 1.1 terabits per second attack, which obviously is about 60% bigger than the one mentioned above. A France-based web hosting website has become a victim of this staggering DDoS attack.

Must Read: Thousands of CCTV Devices DDoSing Small-Business Websites

OVH founder Octave Klaba identified the attacks on September 19. The first attack was 1.1 TBPS while the one that followed soon after was 901 GBPS. More attacks were reported on Friday, all touching the same overwhelmingly high range.

According to Klaba, the latest DDoS attacks were launched via numerous hacked internet-connected cameras and also digital video recording devices. Each of these devices had the ability to launch 1MBPS to 30MBPS attacks. The Botnet were capable of launching attacks of 1.5 TBPS. Klaba reported on Monday that over 6,800 new cameras have become part of the botnet and dozens of new DDoS attacks were launched against the same web hosting service. These new attacks ranged between 100 and 800 GBPS. By Wednesday, reports Klaba, 15,000 more devices joined the botnet and have participated in fresh attacks on the web host.

Currently, the number of attacks hasn’t been confirmed but Klaba suggests that KrebsOnSecurity and his own network could possibly be targeted by the same botnet and even if the botnets are different, the past week’s events have set a new precedent in DDoS attacks.

We can now expect over 600 gig botnet attacks to become a norm sooner as these are already getting so recurrent.

Also Read: Hackers Found DDoSing Through Hacked CCTV Cameras

Akamai’s security intelligence team member Martin McKeay states that “we will see a dozen of them a quarter, we’ll see a couple hundred of them a year. Now that people know those are a possibility, they’re going to start pushing in that direction. They’re going to make it happen.”

It must be noted that the largest DDoS attack mitigated by Akamai so far was in June that reached 363 GBPS.

Map shows which state have more unprotected cams

 

Related  “This is you?” message is the latest scam to be distributed via Facebook

Related: The Troubling State of Security Cameras; Thousands of Devices Vulnerable

We must not forget the IoT devices and other internet connected devices like routers, smart switches, security cameras and DVRs could be easily infected because most of them come with just one control panel and their functioning mechanism is also quite mundane. This is why these devices cannot be scanned for malware with an antivirus software.these devices also won’t show any signs that they are conducting DDoS attacks or participating in any such campaign.

But what you can do to prevent this from happening to you is to change all the default passwords and never keep such devices connected to the internet all the time.

Written by Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.