
Powerful DDoS attacks leveraging IoT devices hit several companies

A series of potent, record-setting DDoS attacks hit several targets last week and apparently used IoT malware to infect and leverage a large number of internet-connected devices.

A week after infosec expert Bruce Schneier warned of unknown threat actors probing the defenses of several internet companies with powerful DDoS attacks, a series of record-setting attacks struck several targets, including the site of infosec journalist Brian Krebs.

The DDoS attack that hit Krebs' website was initially measured at 665 Gbps, but Krebs said more recent analysis estimated it was closer to 620 Gbps. According to Krebs, Akamai Technologies, which provided pro bono anti-DDoS services to KrebsOnSecurity, said the attack was nearly twice as large as any DDoS attack the company had ever seen. Experts noted that the size of the attack was unprecedented because it did not use amplification techniques and instead relied on a botnet of compromised devices.

The attack on Krebs' site was so potent it forced Akamai to drop the site from its DDoS protection service in order to protect other customers on the content delivery network; Krebs noted he understood Akamai's decision and didn't fault the company. As a result, the site was offline for much of last week as the DDoS attack continued, though it was restored over the weekend after being moved to Google's Project Shield anti-DDoS service.

While Krebs' site has been the target of frequent DDoS attacks in the past, Krebs had posted a series of articles the previous week about vDOS, a DDoS-for-hire service. Two Israeli citizens were arrested in connection with the vDOS service last week.

European web hosting firm OVH also confirmed last week it was hit with a series of even more powerful DDoS attacks. OVH's CTO Octave Klaba claimed via Twitter that the attacks totaled more than 1 Tbps. He added that the botnet behind the attack used more than 145,000 infected DVRs and Internet-connected cameras, which were capable of sending 1.5 Tbps in a DDoS attack.

In addition, video game company Blizzard Entertainment was hit with several DDoS attacks last week, some of which impacted the company's servers and prevented customers from establishing Internet connections to their games. A hacking group known as "PoodleCorp" claimed responsibility for the attacks, which have ended.

These powerful DDoS attacks come on the heels of Bruce Schneier's post on national security blog Lawfare, in which he described how unidentified threat actors were apparently testing the defenses of major internet infrastructure companies with powerful DDoS attacks.

"Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them," Schneier wrote. "Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing."

Last week's attacks also coincide with a research report from Symantec that described how powerful DDoS attacks were using IoT malware to compromise poorly protected devices. According to the report, Symantec discovered a dozen different IoT malware families that were actively infecting devices such as home automation or home security devices, which the company called "soft targets."

"DDoS attacks remain the main purpose of IoT malware," the report read. "Poor security on many IoT devices makes them soft targets and often victims may not even know they have been infected. Attackers are now highly aware of lax IoT security and many pre-program their malware with commonly used and default passwords."

Krebs echoed Symantec's findings in a post Sunday, writing that "there is every indication" that the attack on his website was derived from a botnet that had compromised a large number of IoT devices such as routers, IP cameras and DVRs.

DDoS attacks leveraging IoT malware have become more common lately. This summer a series of powerful DDoS attacks using infected IoT devices, courtesy of the LizardStresser botnet, were directed at several targets in Brazil, including government agencies and telecom firms, as well as companies in the U.S.


What's the best way to mitigate powerful DDoS attacks that leverage IoT devices?


In my opinion IOT-Vendors have to grow up, and consumers have to demand secure solutions from IOTs, be it TV, metering, pumps, name it.
Any (old-school) hardware-vendor out there from washing-machines to fridges have product-developed to add connectivity and Value Added Services.
But they have not focused at all on security...let alone updates to IOT OS's.
They are new to the hazards of connectivity.
As the big OS vendors out there; Google and Microsoft among them, provide software that will fit in the IOTs, the demands for security updates to the OS become as important as the updates for servers, firewalls and any other type of equipment on the network.

Oh! and Microsoft...your IOT version of OS has to focus on Security as well...guys you forgot :-b

IOT Spells GRC

Companies having IOTs in their network will have to include them in their overall Risk Management. Letting Firewalls and IDS/IPS guard the IOT perimeter may not be enough at all.
Today's real cyberthreats are called APTs: Advanced Persistent Threats. With APTs your firewall or IDS/IPS may not know what's going on before it's too late. And to the Dark-nets that spend time probing networks using distributed bots to pry and prod have all the time in the world to get at the prize in the other end.
Note please that today's APTs and malware-attacks bring the distributed Darknets so much money they can afford to test their strategy in malware sandboxing, on IDS/IPS guarded networks, behind state of the art Firewalls...of the highest quality.

What can you do?

So ultimately I think "knowledge" is the only real thing that will allow you to know if your IOTs are really under your control. Good old fashioned "Knowledge of your network".
Some may or may not know, but many SIEM systems have been around for quite some time, providing insights into the traffic on your network...enabling you to get that knowledge. SIEMs can provide in depth knowledge of what actually transpires in your entire network.
Using the SIEM you can benchmark your devices and traffic patterns.
For large businesses this is a noisy endeavour, as packages and system events fly around...
But that is exactly what SIEMs are made for: gathering intel, analyzing data, patterns and so forth.
SIEMs may not be able to support your need for IOT monitoring out of the box without prior setup...But you should spend that time. Benchmark these IOTs in your network as you would any other device in your network. Get to know their patterns in traffic...let the SIEM know these patterns. Set the thresholds for these patterns and make rules for alerts and so forth.
This is as I see it the only way you can guard a company.

The Real Danger

What scares me the most is the amount of IOTs out there.
Businesses will take care of their resources in time, I'm sure. What really, really scares me is the amount of IOTs connected to private homes out there.
Let's just take a look at Android:
14 billion Android devices out there.....

Are they all running the latest patches?...naaaah I think not.
How many old and un-updated Android devices are really out there? No one knows for sure.
Old unupdated smartphones scare me as well....but think of the number of IOTs that are produced where the OS is one of a kind Android version...never to be updated.
I know I have at least 1 multimedia dongle PC thingy using Android version "I can't remember"..updates from the vendor do not exist.
Why should they update it?

Turn them Off

If you have to buy IOTs for your household...Cameras, connected Smoke-alarms whatever....make sure you plan to know how to deal with updates of their OS. Deal with these updates as you would updates to your smartphone.
And once this is not possible any longer...kill the the device will become a vulnerable easy target for the Distributed Darknets.
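
The benchmark-then-threshold approach described in the comment above, as an added example that is not part of the comment or the article: it builds a per-device baseline (median and median absolute deviation) from past intervals and flags any interval that exceeds it, plus any device that was never benchmarked. The device names, flow summaries, metric names and the `k` and `floor` parameters are constructed assumptions, not any SIEM product's rule format.

```python
from collections import defaultdict
from statistics import median

# Constructed 5-minute summaries: (device, bytes_out, distinct_destinations)
HISTORY = [
    ("camera-01", 1_200_000, 2), ("camera-01", 1_150_000, 2),
    ("camera-01", 1_300_000, 3), ("camera-01", 1_250_000, 2),
    ("camera-01", 1_180_000, 2),
    ("dvr-01", 300_000, 1), ("dvr-01", 310_000, 1), ("dvr-01", 290_000, 1),
    ("dvr-01", 305_000, 1), ("dvr-01", 295_000, 1),
]
# Constructed interval to evaluate: one normal device, one flooding, one unknown
CURRENT = [("camera-01", 1_220_000, 2), ("dvr-01", 90_000_000, 1),
           ("thermostat-07", 40_000, 1)]
METRICS = ("bytes_out", "distinct_dsts")

def build_baseline(history):
    """Return {device: {metric: (median, MAD)}} from historical intervals."""
    samples = defaultdict(lambda: {m: [] for m in METRICS})
    for device, *values in history:
        for metric, value in zip(METRICS, values):
            samples[device][metric].append(value)
    baseline = {}
    for device, per_metric in samples.items():
        baseline[device] = {}
        for metric, values in per_metric.items():
            med = median(values)
            mad = median(abs(v - med) for v in values)
            baseline[device][metric] = (med, mad)
    return baseline

def threshold(med, mad, k=6.0, floor=0.25):
    """Upper limit; very regular devices have MAD 0, so floor the spread."""
    return med + k * max(mad, floor * med, 1.0)

def evaluate(baseline, interval):
    """Return alerts as (device, reason, observed, limit) tuples."""
    alerts = []
    for device, *values in interval:
        if device not in baseline:  # never benchmarked: alert on that alone
            alerts.append((device, "unknown_device", None, None))
            continue
        for metric, value in zip(METRICS, values):
            limit = threshold(*baseline[device][metric])
            if value > limit:
                alerts.append((device, metric, value, limit))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(build_baseline(HISTORY), CURRENT):
        print(alert)
```

Median and MAD are used instead of mean and standard deviation so that a single past spike in a device's history does not inflate its own threshold.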