Report confirms IoT botnet took down Krebs' security site

Two weeks ago, security researcher Brian Krebs’ site KrebsOnSecurity got knocked offline by one of the biggest DDOS attacks ever recorded, which peaked at 620 Gbps. What happened? Akamai, which had been protecting the site for free but ultimately had to unload it as the sustained traffic would have cost them millions of dollars, released a postmortem today. In it, they confirm that the attacker mainly used the Mirai malware to ovewhelm Krebs’ site, though there may have been another botnet involved. But the most crucial distinction from a normal DDOS strike: These bots were mostly IoT devices.

The majority of the estimated 145,000 devices were security cameras and DVRs used in home or office settings. Many of these were using either default passwords or easily-guessed ones (“1234,” “password,” “admin”). Around half of the traffic came from the Europe, Middle East and Africa (EMEA) region, indicating where the compromised devices were located. The volume of traffic was uniquely large, nearly double what Akamai had previously seen in a 363 Gbps attack back in June.

Finally, a large portion of the traffic connected directly from the botnet to the target, rather than reflect or amplify traffic as is typical for DDoS strikes. As Softpedia notes, researchers thought this direct flood to be hardly possible as it would require the attacker to directly control a large volume of bots.

Krebs’ site was likely targeted after he’d busted a two-person DDOS-for-hire outfit in early September that had been responsible for a “majority” of the denial-of-service cyberattacks in recent years. Days after Akamai reluctantly stopped protecting the site, he finally got KrebsOnSecurity back online after getting help from Alphabet’s Project Shield, a free service that protects journalists from denial-of-service assaults.

A DDoS expert noted that an Akamai-level defense would cost Krebs $150,000 annually, far beyond the budgets of most independent writers and newsrooms. While this report confirms much of what was already suspected, it also cements how easily a voice can be silenced, especially since the Mirai malware’s author open-sourced its code for anyone to use.

Via: Softpedia

Source: Akami blog

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On