360 Total Security Blog

The biggest DDoS attack powered by 150,000 hacked IoT devices

France-based hosting provider OVH encountered a series of Distributed Denial of Service (DDoS) attacks last week. With a record-breaking combined bandwidth of over 1Tbps, this attack became the largest DDoS attack ever.

Octave Klaba, the founder and CTO of OVH, indicated on Twitter that the simultaneous DDoS generated a traffic close to 1 Tbps, and the used botnet composed by 145,607 hacked devices is able to send more than 1.5Tbps DDoS.

DDoS launched by same attackers also hit another Information security site recently

Another site falling into victim to a DDoS attack recently was KredbsOnSecurity, an information security blog. This site was hit as revenge for unveiling of a DDoS service provider, vDOS, which then led to the arrest of two 18-year-old

leaders of vDOS. This attack was believed to be powered by hacked cameras and reached almost 665 Gbps of traffic. KredbsOnSecurity eventually turned to Google’s Shield project to seek shelter.

According to Forbes, these two DDoS attacks were caused by the same group of hackers. The hacking network comprised hundreds of thousands of IoT devices, such as routers, monitors and Internet-connected IP cameras. Most of the traffic of the attack was originated in Asia, including China, South Korea, Taiwan and Vietnam.

IoT devices hacks will increase in the near future 

The Internet of Things (IoT) devices are widely deployed in our everyday life nowadays. You may already possess a smartwatch or smartphone now, or even have an Internet-connected TV and refrigerator at home. As the trend of IoT is growing rapidly, it will create a huge amount of new entry points to be leveraged by attackers.

As there is still no stringent security regulations or standardized encryption mechanisms, IoT devices are vulnerable to hackers and may be easily infected and used as cyber weapons to launch giant attacks. This type of attack will become more and more common in the following years. As security expert Roland Dobbins warned, “Action, therefore, needs to be taken, both at the internet service provider (ISP) level and across IoT device makers.’’