A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said.
The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering “hyper-volumetric attacks.” Eleven11bot has been delivering large-scale attacks ever since.
Volumetric DDoSes shut down services by consuming all available bandwidth either inside the targeted network or its connection to the Internet. This approach works differently than exhaustion DDoSes, which over-exert the computing resources of a server. Hypervolumetric attacks are volumetric DDoses that deliver staggering amounts of data, typically measured in the terabits per second. Johnny-come-lately botnet sets a new record
At 30,000 devices, the Eleven11bot was already exceptionally large (although some botnets exceed well over 100,000 devices). Most of the IP addresses participating, Nokia researcher Jérôme Meyer told me, had never been seen engaging in DDoS attacks.
Besides a 30,000-node botnet seeming to appear overnight, another salient feature of Eleven11bot is the record-size volume of data it sends its targets. The largest one Nokia has seen from Eleven11bot so far occurred on February 27 and peaked at about 6.5 terabits per second. The previous record for a volumetric attack was reported in January at 5.6 Tbps.
“Eleven11bot has targeted diverse sectors, including communications service providers and gaming hosting infrastructure, leveraging a variety of attack vectors,” Meyer wrote. While in some cases the attacks are based on the volume of data, others focus on flooding a connection with more data packets than a connection can handle, with numbers ranging from a “few hundred thousand to several hundred million packets per second.” Service degradation caused in some attacks has lasted multiple days, with some remaining ongoing as of the time this post went live.
Codeberg got hit with a volumetric DDOS last month too
Nokia?
Nokia is a mobile infrastructure giant. They are just mostly business to business, so like Texas Instruments they are rather easy to mistake for being small.
I’m naive. What’s the motive for an attack like this?
Best case? Some grey hat found a hole in security for Internet connected cameras and is just having fun. Worst case? Training runs by a state actor.
It reads like the cyberpunk 2077 source material of the first corporate war, but with different names.
Gosh, I hope these things don’t start targeting Lemmy instances.
Looks like it was a practice run. It’s relatively easy to take out webservers with a standard DDOS attack. This is considerably more sophisticated, and I think they were testing it on gaming networks in prep for a larger attack on financial and/or government IT infrastructure.
I just hope that FOSS doesn’t become a regular training ground for immoral capitalists to assault.
We don’t have money, so ransom attacks are unlikely.
If it’s state actors and cyber warfare, which I think is fair to suspect, we’re probably way under the radar. We’re not quite critical infrastructure just yet. :)
For the lols attacks could happen anywhere, but this is not that.
Whew, good to know!
Lol, and what would the ransom be for taking down someone’s money-burning hobby project?
No ransom. This might be someone’s hobby project but it is dangerous, or will be, to the handful of dweeby, fake-ripped broligarchs that want to control ALL of our conversations.
Well, there was an article I read elsewhere on Lemmy that said that FOSS is an enemy of capitalism by being a cheaper competitor, so capitalist dogs may try to attack FOSS developers’ resources and willpower to keep going so they can funnel all of us users over to their paid products.
The lulz
So what’s the damage here? I can’t find anything about the targets. Is this why my Xbox is having server issues?
DOGE exploiting this?
webcams? like plugin web cameras? we talking ring cameras or something?
IP cameras more likely. USB Webcams don’t talk over IP.
Yeah, so Ring cameras?
There are a ton of really cheap Chinese IP cameras out there. Those are less secure then ring or wyze cameras.
Oh I believe it.
deleted by creator
