Internet of Things-Driven DDoSes on the Rise
Lax Security, Ample Bandwidth
We’re only three weeks into 2025, and it’s already shaping up to be the year of Internet of Things-driven DDoSes. Reports are rolling in of threat actors infecting thousands of home and office routers, web cameras, and other Internet-connected devices.
A Sampling of Research
Here is a sampling of research released since the first of the year.
A Record-Breaking DDoS
A post on Tuesday from content-delivery network Cloudflare reported on a recent distributed denial-of-service attack that delivered 5.6 terabits per second of junk traffic—a new record for the largest DDoS ever reported. The deluge, directed at an unnamed Cloudflare customer, came from 13,000 IoT devices infected by a variant of Mirai, a potent piece of malware with a long history of delivering massive DDoSes of once-unimaginable sizes.
A Large-Scale, Ongoing Operation
The same day, security company Qualys published research detailing a "large-scale, ongoing operation" dubbed the Murdoc Botnet. It exploits vulnerabilities to install a Mirai variant, primarily on AVTECH cameras and Huawei HG532 routers. Late Tuesday afternoon, searches indicated that devices on more than 1,500 IP addresses were compromised, up from a figure of 1,300 reported a few hours earlier by Qualys. These devices are also waging DDoSes. It’s unknown if Cloudflare and Qualys are reporting on the same botnet.
Another IoT Botnet Discovered
Last week, security company Trend Micro said it also found an IoT botnet. The botnet, which is driven by variants of Mirai and a similar malware family known as Bashlite, has been delivering large-scale DDoSes since the end of last year, primarily to targets in Japan.
A Large Cannon, Poised and Ready
A report early last week from security firm Infoblox revealed a botnet comprising 13,000 devices—mostly routers manufactured by MikroTik—that researchers likened to “a large cannon, poised and ready to unleash a barrage of malicious activities.” The primary activity Infoblox has observed from this botnet is a flood of malicious spam emails that attempt to trick recipients into executing malicious file attachments.
Conclusion
The recent surge in IoT-driven DDoSes highlights the urgent need for improved security measures to protect these devices. Because these devices combine ample bandwidth with lax security, it’s crucial to take steps to mitigate these threats.
FAQs
Q: What is a DDoS attack?
A: A distributed denial-of-service (DDoS) attack is a type of cyberattack in which a single attacker targets a single system or network, overwhelming it with traffic from multiple sources.
Q: What is Mirai?
A: Mirai is a potent piece of malware with a long history of delivering massive DDoSes of once-unimaginable sizes.
Q: What is the Murdoc Botnet?
A: The Murdoc Botnet is a large-scale, ongoing operation that exploits vulnerabilities to install a Mirai variant, primarily on AVTECH cameras and Huawei HG532 routers.
Q: What is the Bashlite malware family?
A: Bashlite is a malware family similar to Mirai that is used to drive large-scale DDoSes.