A week after infosec expert Bruce Schneier warned of unknown threat actors probing the defenses of several internet companies with powerful DDoS attacks, a series of record-setting attacks struck several targets, including the site of infosec journalist Brian Krebs.
The DDoS attack that hit Krebs' website, KrebsonSecurity.com, was initially measured at 665 Gbps, but Krebs said more recent analysis estimated it was closer to 620 Gbps. According to Krebs, Akamai Technologies, which provided pro bono anti-DDoS services to KrebsonSecurity, said the attack was nearly twice as large as any DDoS attack the company had ever seen. Experts noted that the size of the attack was unprecedented because it did not use amplification techniques and instead relied on a botnet of compromised devices.
"That someone can produce a 600 Gbps DOS isn't surprising. That someone can produce a non-amplified DOS is. This has some huge implications." — Nicholas Weaver (@ncweaver), September 23, 2016
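As an added illustration (not from the article, Akamai or Krebs), the following Python heuristic separates the two traffic profiles discussed above, reflection/amplification versus a direct flood from many compromised devices, by running over constructed flow records; the record format, reflector port table and thresholds are assumptions made for the example.

```python
# Added example: distinguish reflection/amplification traffic from a direct,
# botnet-sourced flood using per-flow records towards one victim address.
# Amplified attacks arrive as UDP from the reflector's service port (DNS, NTP,
# SSDP, chargen, SNMP) in large responses; direct floods come from many
# distinct sources with no reflector signature. Thresholds are assumptions.
from dataclasses import dataclass

# Service ports abused as reflectors (source port as seen on the victim side)
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 19: "chargen", 161: "SNMP"}


@dataclass
class Flow:
    src: str
    proto: str
    sport: int
    dport: int
    nbytes: int
    pkts: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed record of the form 'src proto sport dport bytes pkts'."""
    src, proto, sport, dport, nbytes, pkts = line.split()
    return Flow(src, proto.upper(), int(sport), int(dport), int(nbytes), int(pkts))


def classify(flows, min_sources: int = 100):
    """Return (label, details) for the flows aimed at a single victim."""
    total = sum(f.nbytes for f in flows)
    amplified = sum(f.nbytes for f in flows
                    if f.proto == "UDP" and f.sport in REFLECTOR_PORTS)
    sources = len({f.src for f in flows})
    amp_share = amplified / total if total else 0.0
    if amp_share > 0.5:
        label = "reflection/amplification"      # bulk of bytes from reflector ports
    elif sources >= min_sources:
        label = "direct botnet flood"           # many distinct senders, no reflectors
    else:
        label = "undetermined"                  # too few sources to call it
    return label, {"bytes": total, "amp_share": round(amp_share, 3), "sources": sources}


def classify_lines(lines):
    return classify([parse_flow(line) for line in lines])


# Constructed sample records (not real traffic): src proto sport dport bytes pkts
AMPLIFIED_SAMPLE = [f"198.51.100.{i} UDP 53 443 {4000 * (i + 1)} 3" for i in range(8)]
DIRECT_SAMPLE = [f"203.0.113.{i % 250} TCP {40000 + i} 80 {500 + i} 5" for i in range(400)]
SMALL_SAMPLE = DIRECT_SAMPLE[:10]

if __name__ == "__main__":
    for name, sample in (("amplified", AMPLIFIED_SAMPLE), ("direct", DIRECT_SAMPLE), ("small", SMALL_SAMPLE)):
        print(name, classify_lines(sample))
```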
The attack on Krebs' site was so potent it forced Akamai to drop the site from its DDoS protection service in order to protect other customers on the content delivery network; Krebs noted he understood Akamai's decision and didn't fault the company. As a result, KrebsonSecurity.com was offline for much of last week as the DDoS attack continued, though the site was restored over the weekend after being moved to Google's Project Shield anti-DDoS service.
While KrebsonSecurity.com has been the target of frequent DDoS attacks in the past, Krebs had posted a series of articles the previous week about vDOS, a DDoS-for-hire service. Two Israeli citizens were arrested in connection with the vDOS service last week.
European web hosting firm OVH also confirmed last week it was hit with a series of even more powerful DDoS attacks. OVH's CTO Octave Klaba claimed via Twitter that the attacks totaled more than 1 Tbps. He added that the botnet behind the attack used more than 145,000 infected DVRs and Internet-connected cameras, which were capable of sending 1.5 Tbps in a DDoS attack.
"Last days, we got a lot of huge DDoS. Here, the list of "bigger than 100Gbps" only. You can see the simultaneous DDoS are close to 1Tbps! pic.twitter.com/XmlwAU9JZ6" — Octave Klaba / Oles (@olesovhcom), September 22, 2016
In addition, video game company Blizzard Entertainment was hit with several DDoS attacks last week, some of which impacted the company's servers and prevented customers from establishing Internet connections to their games. A hacking group known as "PoodleCorp" claimed responsibility for the attacks, which have ended.
These powerful DDoS attacks come on the heels of Bruce Schneier's post on national security blog Lawfare, in which he described how unidentified threat actors were apparently testing the defenses of major internet infrastructure companies with powerful DDoS attacks.
"Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them," Schneier wrote. "Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing."
Last week's attacks also coincide with a research report from Symantec that described how powerful DDoS attacks were using IoT malware to compromise poorly protected devices. According to the report, Symantec discovered a dozen different IoT malware families that were actively infecting devices such as home automation or home security devices, which the company called "soft targets."
"DDoS attacks remain the main purpose of IoT malware," the report read. "Poor security on many IoT devices makes them soft targets and often victims may not even know they have been infected. Attackers are now highly aware of lax IoT security and many pre-program their malware with commonly used and default passwords."
Krebs echoed Symantec's findings in a post Sunday, writing that "there is every indication" that the attack on his website was derived from a botnet that had compromised a large number of IoT devices such as routers, IP cameras and DVRs.
DDoS attacks leveraging IoT malware have become more common lately. This summer a series of powerful DDoS attacks using infected IoT devices, courtesy of the LizardStresser botnet, were directed at several targets in Brazil, including government agencies and telecom firms, as well as companies in the U.S.