The Internet is (once again) awash with IoT botnets delivering record DDoSes

Bigger, badder DDoSes are flooding the Internet. Dismal IoT security is largely to blame.

We’re only three weeks into 2025, and it’s already shaping up to be the year of Internet of Things-driven DDoSes. Reports are rolling in of threat actors infecting thousands of home and office routers, web cameras, and other Internet-connected devices.

Here is a sampling of research released since the first of the year.

Lax security, ample bandwidth

A post on Tuesday from content-delivery network Cloudflare reported on a recent distributed denial-of-service attack that delivered 5.6 terabits per second of junk traffic—a new record for the largest DDoS ever reported. The deluge, directed at an unnamed Cloudflare customer, came from 13,000 IoT devices infected by a variant of Mirai, a potent piece of malware with a long history of delivering massive DDoSes of once-unimaginable sizes.

The same day, security company Qualys published research detailing a "large-scale, ongoing operation" dubbed the Murdoc Botnet. It exploits vulnerabilities to install a Mirai variant, primarily on AVTECH Cameras and Huawei HG532 routers. Late Tuesday afternoon, searches like this one indicated devices on more than 1,500 IP addresses were compromised, up from a figure of 1,300 reported a few hours earlier by Qualys. These devices are also waging DDoSes. It’s unknown if Cloudflare and Qualys are reporting on the same botnet.

Last week, security company Trend Micro said it also found an IoT botnet. The botnet, which is driven by variants of Mirai and a similar malware family known as Bashlite, has been delivering large-scale DDoSes since the end of last year, primarily to targets in Japan.

A report early last week from security firm Infoblox revealed a botnet comprising 13,000 devices—mostly routers manufactured by MikroTik—that researchers likened to “a large cannon, poised and ready to unleash a barrage of malicious activities.” The primary activity Infoblox has observed from this botnet is a flood of malicious spam emails that attempt to trick recipients into executing malicious file attachments.

On January 7, researchers at China-based security firm Xlab said they've been tracking an IoT botnet since last February. The botnet, named with an offensive term, was mostly unremarkable until later in the year when it began targeting zero-day and recently fixed n-day vulnerabilities to infect more devices. By November, it began exploiting a zero-day in industrial routers sold by Four-Faith and unknown vulnerabilities in routers sold by Neterbit and in smart home devices from Vimar. The botnet comprises on average 15,000 compromised devices, mostly located in China, the United States, Iran, Russia, and Turkey. Threat actors are using it to wage DDoSes.

IoT devices are an ideal DDoS tool from the standpoint of an attacker. They typically ship running a version of Linux that is missing months, if not years, of security updates; infections are difficult to detect; and the devices often have lots of available bandwidth. In 2016—when IoT botnets were a new phenomenon—they were observed delivering DDoSes as high as 1Tbps, a once-unimaginable size. Cloudflare’s revelation on Tuesday that it observed and blocked an IoT botnet delivering a DDoS more than five times bigger indicates that these attacks continue to grow more potent.

A Cloudflare spokesperson said in an email that the attack was delivered not just by IoT devices but also virtual machines hosted inside cloud environments. The hybrid approach may be one example of the growing evolution of botnets in the race to create larger DDoSes.

The most effective way to protect IoT devices from compromise is to replace all default passwords with long, randomly generated ones that are unique to each device. Turning off remote management is also a good move when possible. And as always, installing security updates promptly is a must.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+

RIP Matrix | Farewell my friend