Software Integrity

 

IoT fueling larger DDoS attacks

Hacked internet-connected cameras and digital video recorders are to blame for a series of DDoS attacks that took down KrebsonSecurity last week.

The attacks were first reported on September 19 by Octave Klaba, the founder and CTO of OVH.

According to Ars Technica Klaba reported that more than 6,800 new cameras had joined the botnet and said further that over the previous 48 hours the hosting service was subjected to dozens of attacks, some ranging from 100 Gbps to 800 Gbps.

“Now that we’ve see a 600 gig botnet, we have to plan that within one to two years, those are going to become common,” Martin McKeay, a member of Akamai’s security intelligence team, told Ars. “They may not be every attack, but we will see a dozen of them a quarter, we’ll see a couple hundred of them a year. Now that people know those are a possibility, they’re going to start pushing in that direction. They’re going to make it happen.”

Previously, the previous highest DDoS attack Akamai had seen was 363 Gbps.

Internet connected cameras have been known to contain exploitable software flaws, such as the CCTV-based botnet reported last spring.