Brand New Botnet Delives DDOS attacks with a record size

New network botnet Composed of approximately 30,000 webcams and video refurbers – with the biggest concentration in the United States – was the provision of what would probably be the biggest Rejection attack Once seen, Nokia security researcher said.

Botnet, tracked under the name Eleven11bot, first came to light at the end of February when the Nokia Deepfield response teams for Nokia’s emergencies observed A large number of geographical scattered IP addresses delivering “hyper-volumetric attacks”. Since then, Eleven11bot has been delivering large -scale attacks.

Obumetric DDOS Sutl Sutle Services by consuming the entire frequency lane or inside the target network or connecting to the Internet. This approach works differently from DDOS of exhaustion that overdo it with server computing resources. Hypermumetric attacks are voluminous DDOS, which supply striking amounts of data, usually measured in terrabites per second.

Johnny-Co-Come-Later Botnet puts a new entry

Of 30,000 devices the eleven 31bot were already extremely large (although some bottles exceed over 100,000 devices). Most of the participating IP addresses, Nokia Jérôme Meyer’s researcher told me, has never been seen in DDOS attacks.

In addition to the 30,000 Botnet knots, it seems to appear overnight, another noticeable feature of Eleven11bot is the volume of data on the size of the recording that sends its goals. The biggest one Nokia saw from Eleven11bot so far has happened on February 27 and reached about 6.5 terrabs per second. The previous volumetric attack record was reported In January at 5.6 Tbps.

“Eleven11bot has directed various sectors, including communication service providers and hosting gaming infrastructure using different attack vectors,” Mayer wrote. While in some cases the attacks are based on the volume of data, others focus on flooding more data packages than they can handle the connection, with numbers ranging from “several hundred thousand to several hundred million packs per second.” The degradation of the service caused by some attacks has lasted several days, with some remaining ongoing from the time when this post is live.

The breakdown has shown that the largest concentration of IP addresses, 24.4 percent, is located in the United States. Taiwan was next to 17.7 percent and the United Kingdom at 6.5 percent.

In an online interview, Mayer made the following points:

• This botnet is much more bigge than what we are used to seeing in DDOS attacks (the only precedent I mean is an attack from 2022. Immediately after Ukraine’s invasion of ~ 60k bots, but not public).
• The bigger part of his IPS did not participate in DDOS attacks before last week.
• Most of the IPS is security cameras (Censys believes that Hisilicon, I have seen many sources talk to Hikvision NVR too, so this is an opportunity, but not my area of ​​experience).
• Partly because the botnet is greater than the average, the size of the attack is also greater than the average.