Giant botnet created by hacked cameras, routers and IoT appliances such as cameras, lights and thermostats held the largest ever DDoS attack against the website of a top blogger Brian Krebs, a specialist in the field of security. The attack was so strong that Akamai Technologies (Content Delivery Network & Cloud Computing Services Platform) had to cancel his account because of the vast amount of resources being driven into his defense.
Akamai has stopped the hosting of Krebsonsecurity.com after an attack that generated 665Gbps of bogus traffic to his site on Tuesday, September 20. The DDoS attack lasted for more than 2 days and was almost double in size in comparison to the previous high of 363Gbps that Akamai has registered thus far.
The reason to drop the protection of his account was not because Akamai could not defend against the attack, but because it would have been too expensive. Therefore, the company has taken a business decision to cut off the affected Krebsonsecurity.com said Andy Ellis, chief security officer (CSO) of the company.
Unlike previous attacks of such scale, where attackers use vulnerabilities in DNS systems to redirect traffic towards victimized websites, in this case the method of choice was legitimate http "Get” requests flooding the site directly, which makes it harder to defend against.
The company is still analyzing the actual number of devices involved in the attack, but preliminary review shows that the number could be close to a million, with majority of them being Internet of Things devices. Those non-traditional endpoints, as well as networking SOHO devices are becoming a predominant target by botnets.
The number of Internet of Things devices is estimated to reach 21 billion by 2020. With numbers like this, the scale of the botnets that might be created by these relatively unsecured machines could be huge, said Dave Lewis, global security expert at Akamai. “What if an attacker injects code into devices to create a Fitbit botnet?” he adds.
No one has taken a responsibility for the attack yet. Unknown remain and the method been used to infect the individual devices.