A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said.
The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering “hyper-volumetric attacks.” Eleven11bot has been delivering large-scale attacks ever since.
Volumetric DDoSes shut down services by consuming all available bandwidth either inside the targeted network or its connection to the Internet. This approach works differently than exhaustion DDoSes, which over-exert the computing resources of a server. Hypervolumetric attacks are volumetric DDoses that deliver staggering amounts of data, typically measured in the terabits per second. Johnny-come-lately botnet sets a new record
At 30,000 devices, the Eleven11bot was already exceptionally large (although some botnets exceed well over 100,000 devices). Most of the IP addresses participating, Nokia researcher Jérôme Meyer told me, had never been seen engaging in DDoS attacks.
Besides a 30,000-node botnet seeming to appear overnight, another salient feature of Eleven11bot is the record-size volume of data it sends its targets. The largest one Nokia has seen from Eleven11bot so far occurred on February 27 and peaked at about 6.5 terabits per second. The previous record for a volumetric attack was reported in January at 5.6 Tbps.
“Eleven11bot has targeted diverse sectors, including communications service providers and gaming hosting infrastructure, leveraging a variety of attack vectors,” Meyer wrote. While in some cases the attacks are based on the volume of data, others focus on flooding a connection with more data packets than a connection can handle, with numbers ranging from a “few hundred thousand to several hundred million packets per second.” Service degradation caused in some attacks has lasted multiple days, with some remaining ongoing as of the time this post went live.
Was just discussing with friends this morning that they should expect a digital false flag coming in. The crooks at the NSA or CIA were bound to retaliate to cuts, or create a problem to make themselves the heroes.
I just replaced my tplink with an opnsense and was able to see the wan logs. it’s legitimately frightening to see an increase in probes/attacks.
Codeberg got hit with a volumetric DDOS last month too
Nokia?
Nokia is a mobile infrastructure giant. They are just mostly business to business, so like Texas Instruments they are rather easy to mistake for being small.
I’m naive. What’s the motive for an attack like this?
My suspicion is a false flag by the intelligence agencies to push back against cuts or prove their value to the new admin. This is their style to protect or ask for larger budgets.
Best case? Some grey hat found a hole in security for Internet connected cameras and is just having fun. Worst case? Training runs by a state actor.
Pretty succinct summary. Good job.
Or one of the professionalized cybercryme groups.
They’re all state actors these days because all the ones that didn’t hook up with a country for protection either got their doors kicked in at 3 in the morning; or they kept to small enough operations to not be a real bother. I guess one of them could have forgotten the 2010’s, but I doubt it. They tend to be smarter than other criminals.
So what’s the damage here? I can’t find anything about the targets. Is this why my Xbox is having server issues?
It reads like the cyberpunk 2077 source material of the first corporate war, but with different names.
DOGE exploiting this?
webcams? like plugin web cameras? we talking ring cameras or something?
IP cameras more likely. USB Webcams don’t talk over IP.
Yeah, so Ring cameras?
There are a ton of really cheap Chinese IP cameras out there. Those are less secure then ring or wyze cameras.
Oh I believe it.
webcams? like plugin web cameras? we talking ring cameras or something?
Gosh, I hope these things don’t start targeting Lemmy instances.
Looks like it was a practice run. It’s relatively easy to take out webservers with a standard DDOS attack. This is considerably more sophisticated, and I think they were testing it on gaming networks in prep for a larger attack on financial and/or government IT infrastructure.
I just hope that FOSS doesn’t become a regular training ground for immoral capitalists to assault.
We don’t have money, so ransom attacks are unlikely.
If it’s state actors and cyber warfare, which I think is fair to suspect, we’re probably way under the radar. We’re not quite critical infrastructure just yet. :)
For the lols (lulz?) attacks could happen anywhere, but this is not that.
But we do have information, and knowledge is power. Money is an intermediary.
Whew, good to know!
Lol, and what would the ransom be for taking down someone’s money-burning hobby project?
No ransom. This might be someone’s hobby project but it is dangerous, or will be, to the handful of dweeby, fake-ripped broligarchs that want to control ALL of our conversations.
For example, some conspiracy theories say that FOSS maintainers being trash talked and having their families threatened online might be state actors trying to get them to give up the project so that someone else can continue it and insert vulnerabilities (especially if it’s a dependency of many other projects).
Well, there was an article I read elsewhere on Lemmy that said that FOSS is an enemy of capitalism by being a cheaper competitor, so capitalist dogs may try to attack FOSS developers’ resources and willpower to keep going so they can funnel all of us users over to their paid products.
The lulz
