
Powerful DDoS attacks leveraging IoT devices hit several companies

A series of potent, record-setting DDoS attacks hit several targets last week and apparently used IoT malware to infect and leverage a large number of internet-connected devices.

A week after infosec expert Bruce Schneier warned of unknown threat actors probing the defenses of several internet companies with powerful DDoS attacks, a series of record-setting attacks struck several targets, including the site of infosec journalist Brian Krebs.

The DDoS attack that hit Krebs' website was initially measured at 665 Gbps, but Krebs said more recent analysis estimated it was closer to 620 Gbps. According to Krebs, Akamai Technologies, which provided pro bono anti-DDoS services to KrebsonSecurity, said the attack was nearly twice as large as any DDoS attack the company had ever seen. Experts noted that the size of the attack was unprecedented because it did not use amplification techniques and instead relied on a botnet of compromised devices.

The attack on Krebs' site was so potent it forced Akamai to drop the site from its DDoS protection service in order to protect other customers on the content delivery network; Krebs noted he understood Akamai's decision and didn't fault the company. As a result, the site was offline for much of last week as the DDoS attack continued, though it was restored over the weekend after being moved to Google's Project Shield anti-DDoS service.

While Krebs' site has been the target of frequent DDoS attacks in the past, Krebs had posted a series of articles the previous week about vDOS, a DDoS-for-hire service. Two Israeli citizens were arrested in connection with the vDOS service last week.

European web hosting firm OVH also confirmed last week it was hit with a series of even more powerful DDoS attacks. OVH's CTO Octave Klaba claimed via Twitter that the attacks totaled more than 1 Tbps. He added that the botnet behind the attack used more than 145,000 infected DVRs and Internet-connected cameras, which were capable of sending 1.5 Tbps in a DDoS attack.

In addition, video game company Blizzard Entertainment was hit with several DDoS attacks last week, some of which impacted the company's servers and prevented customers from establishing Internet connections to their games. A hacking group known as "PoodleCorp" claimed responsibility for the attacks, which have ended.

These powerful DDoS attacks come on the heels of Bruce Schneier's post on national security blog Lawfare, in which he described how unidentified threat actors were apparently testing the defenses of major internet infrastructure companies with powerful DDoS attacks.

"Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them," Schneier wrote. "Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing."

Last week's attacks also coincide with a research report from Symantec that described how powerful DDoS attacks were using IoT malware to compromise poorly protected devices. According to the report, Symantec discovered a dozen different IoT malware families that were actively infecting devices such as home automation or home security devices, which the company called "soft targets."

"DDoS attacks remain the main purpose of IoT malware," the report read. "Poor security on many IoT devices makes them soft targets and often victims may not even know they have been infected. Attackers are now highly aware of lax IoT security and many pre-program their malware with commonly used and default passwords."

Krebs echoed Symantec's findings in a post Sunday, writing that "there is every indication" that the attack on his website was derived from a botnet that had compromised a large number of IoT devices such as routers, IP cameras and DVRs.

DDoS attacks leveraging IoT malware have become more common lately. This summer a series of powerful DDoS attacks using infected IoT devices, courtesy of the LizardStresser botnet, were directed at several targets in Brazil, including government agencies and telecom firms, as well as companies in the U.S.
