FortiGuard Labs Threat Research
It happened again. This past weekend we witnessed another record-setting DDoS attack, probably primarily caused by infected IoT devices. This attack is attributed to the same piece of code - Linux/Mirai - which attacked KrebsOnSecurity.com and OVH in September.
Date | Where | Rate | Comments |
---|---|---|---|
Oct 21, 2016 | | ? | Some of the attacks were coming from hosts infected with Mirai. Impacted sites included Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. New World Hackergroup claimed responsibility. |
Sept 22, 2016 | OVH | 1 Tbps | 145,607 cameras and DVRs |
Sept 13, 2016 | | 620 Gbps | More info from host Akamai |
Aug 17, 2016 | | 280 Gbps | Size of the botnet: 49,657 unique IPs. Most were CCTV cameras, DVRs, and routers. |
And now, I can't resist saying "I told you so." Yes, I started researching and warning about the risks of IoT infections approximately 20 months ago! I started hacking sports wristbands, and last year, at Hacktivity and Hack.lu 2015, I publicly outlined for the first time the attack scenario where a tracker propagates infection. Then again, at Insomni'hack in March 2016, later at Area 41, and most recently at Virus Bulletin 2016, I developed the topic explaining why an attacker might want to attack a connected toothbrush, a smart watch, or other connected devices.
FortiGuard research papers, including my own talks and papers, may be accessed here.
This will also be the main topic of my upcoming talk at DefCamp "Infecting Internet of Things". Couldn't be more appropriate, could it? Quite "amusingly," the talk was turned down by 2 conferences before that ;( So much for self-pride ;) Anyway, I resubmitted because I was really confident about the topic, and I am definitely happy to speak about it at DefCamp now.
Just like Mirai doesn't care about your IP cameras or DVRs, I will show with proofs of concept that consumer Internet of Things devices such as smart glasses or smart watches are at risk of propagating malware, taking part in larger attacks, or being the victims of ransomware.
Be warned, this is only the beginning of IoT-based malware.
-- the Crypto Girl