With each passing day we’re witnessing the poor and extremely dire state of internet security across the globe. First it was the wildly popular Pokemon Go servers, followed by Battle.net and Krebs Security. But, now a French hosting company OVH has been hit with possibly the largest distributed-denial-of-service(DDoS) attack of the world — specifically for another game.
What seemed to be a fairly normal day for the french hosting company turned into its biggest nightmare when it was hit with two simultaneous DDoS attacks. Their bandwidth when combined amounted to a total of 1 terabits per second — one of the largest and enough to crash any network. It was a record-breaking attack, where one of the two attacks alone peaked to 799 Gbps of traffic. The same was immediately reported by Octave Klaba, founder and CTO of OVH on his Twitter.
Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the
simultaneous DDoS are close to 1Tbps ! pic.twitter.com/XmlwAU9JZ6
— Octave Klaba / Oles (@olesovhcom) September 22, 2016
According to further investigations, the hackers had targeted Minecraft servers hosted on the OVH network, and DDoS attack was carried out using a botnet madeup of over 145,000 IoT devices which included hacked digital video recorders and IP cameras. Klaba also tweeted that hackers had the ability to generate 1 Mbps to 30 Mbps traffic from each exposed internet protocol(IP) on the network. This botnet, thus, had the ability to launch a DDoS attack that could’ve exceeded 1.5 Tbps — and that would’ve been even worse.
The hackers were easily able to source junk traffic from all these smart home devices as they’re poorly configured, or vulnerable due to reusability of cryptographic keys. This is due to the negligence of manufacturers who’re making smart home routers, vaccums, cameras, etc. that are prone to hijacking. And owners are also not taking precautions to make their network and the connected device more secure.
With a DDoS attack of such magnitude, researchers who’ve been weary over the security of smart home(or Internet of Things) devices have also been proven right. Recently security researcher Brian Krebs’ website was also hit with one of the largest DDoS attacks with a traffic of 620 Gbps, which knocked his website offline.
The attackers had flooded his website in retaliation of him uncovering the masterminds(co-founders of vDOS) behind some of the largest DDoS attacks in the last decade. His DDoS migration provider Akamai, with the fear of attack on its own servers, suspended its pro bono services to Krebs and he eventually had to seek help from Google’s Project Shield. The attack on his website was also sourced from junk data traffic from millions of IoT devices.
There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called ‘Internet of Things,’ (IoT) devices—mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords,
he said in the official blogpost.
According to a recent Akamai report, distributed-denial-of-service attacks are still on the rise and India ranks among the top ten source countries for the same. In the past quarter, the total number of distributed denial of service(DDoS) attacks have increased 129 per cent but the company has managed to mitigate 4,219 of those attacks. The attacks size are still humongous, with a median size(or bandwidth) of about 363 Gbps.