A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said.
The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering “hyper-volumetric attacks.” Eleven11bot has been delivering large-scale attacks ever since.
Volumetric DDoSes shut down services by consuming all available bandwidth either inside the targeted network or its connection to the Internet. This approach works differently than exhaustion DDoSes, which over-exert the computing resources of a server. Hypervolumetric attacks are volumetric DDoses that deliver staggering amounts of data, typically measured in the terabits per second. Johnny-come-lately botnet sets a new record
At 30,000 devices, the Eleven11bot was already exceptionally large (although some botnets exceed well over 100,000 devices). Most of the IP addresses participating, Nokia researcher Jérôme Meyer told me, had never been seen engaging in DDoS attacks.
Besides a 30,000-node botnet seeming to appear overnight, another salient feature of Eleven11bot is the record-size volume of data it sends its targets. The largest one Nokia has seen from Eleven11bot so far occurred on February 27 and peaked at about 6.5 terabits per second. The previous record for a volumetric attack was reported in January at 5.6 Tbps.
"Eleven11bot has targeted diverse sectors, including communications service providers and gaming hosting infrastructure, leveraging a variety of attack vectors," Meyer wrote. While in some cases the attacks are based on the volume of data, others focus on flooding a connection with more data packets than a connection can handle, with numbers ranging from a "few hundred thousand to several hundred million packets per second." Service degradation caused in some attacks has lasted multiple days, with some remaining ongoing as of the time this post went live.
Gosh, I hope these things don't start targeting Lemmy instances.
Looks like it was a practice run. It's relatively easy to take out webservers with a standard DDOS attack. This is considerably more sophisticated, and I think they were testing it on gaming networks in prep for a larger attack on financial and/or government IT infrastructure.
I just hope that FOSS doesn't become a regular training ground for immoral capitalists to assault.
We don't have money, so ransom attacks are unlikely.
If it's state actors and cyber warfare, which I think is fair to suspect, we're probably way under the radar. We're not quite critical infrastructure just yet. :)
For the lols attacks could happen anywhere, but this is not that.
But we do have information, and knowledge is power. Money is an intermediary.
Information here is public.
That said, there has been problems of people scraping random fediverse servers and causing a lot of traffic, in turn sending a huge bill to the owner of the instance.
Whew, good to know!
Lol, and what would the ransom be for taking down someone's money-burning hobby project?
Well, there was an article I read elsewhere on Lemmy that said that FOSS is an enemy of capitalism by being a cheaper competitor, so capitalist dogs may try to attack FOSS developers' resources and willpower to keep going so they can funnel all of us users over to their paid products.
No ransom. This might be someone's hobby project but it is dangerous, or will be, to the handful of dweeby, fake-ripped broligarchs that want to control ALL of our conversations.
For example, some conspiracy theories say that FOSS maintainers being trash talked and having their families threatened online might be state actors trying to get them to give up the project so that someone else can continue it and insert vulnerabilities (especially if it’s a dependency of many other projects).
The lulz