A New Kind of Botnet: Eleven11bot
A Threat of Unprecedented Proportions
A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said.
The Botnet’s Rise to Notoriety
The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering "hyper-volumetric attacks." Eleven11bot has been delivering large-scale attacks ever since.
A New Kind of DDoS Attack
Volumetric DDoSes shut down services by consuming all available bandwidth either inside the targeted network or its connection to the Internet. This approach works differently than exhaustion DDoSes, which over-exert the computing resources of a server. Hypervolumetric attacks are volumetric DDoSes that deliver staggering amounts of data, typically measured in the terabits per second.
A Record-Breaking Botnet
At 30,000 devices, the Eleven11bot was already exceptionally large. Most of the IP addresses participating, Nokia researcher Jérôme Meyer told me, had never been seen engaging in DDoS attacks. Besides a 30,000-node botnet seeming to appear overnight, another salient feature of Eleven11bot is the record-size volume of data it sends its targets.
The Attack’s Impact
The largest one Nokia has seen from Eleven11bot so far occurred on February 27 and peaked at about 6.5 terabits per second. The previous record for a volumetric attack was reported in January at 5.6 Tbps. Eleven11bot has targeted diverse sectors, including communications service providers and gaming hosting infrastructure, leveraging a variety of attack vectors. While in some cases the attacks are based on the volume of data, others focus on flooding a connection with more data packets than a connection can handle, with numbers ranging from a "few hundred thousand to several hundred million packets per second." Service degradation caused in some attacks has lasted multiple days, with some remaining ongoing as of the time this post went live.
Conclusion
The rise of Eleven11bot is a significant concern for the security community, as it has the potential to cause unprecedented damage to online services and infrastructure. It is crucial for organizations to take measures to protect themselves against these types of attacks and for researchers to continue monitoring the situation to ensure the best possible response.
FAQs
Q: What is the size of the Eleven11bot botnet?
A: The botnet is estimated to comprise around 30,000 webcams and video recorders.
Q: What is the impact of the attacks launched by Eleven11bot?
A: The attacks can cause service degradation and shutdown, lasting from a few days to ongoing.
Q: What sectors have been targeted by Eleven11bot?
A: The botnet has targeted communications service providers and gaming hosting infrastructure.
Q: What is the record-breaking volume of data sent by Eleven11bot?
A: The record-breaking volume of data sent by Eleven11bot is around 6.5 terabits per second.
