US security company Imperva said that from March to April this year it detected a large-scale botnet attack aimed mainly at online streaming applications. The attack reportedly used more than 400,000 connected devices over 13 days.
This botnet, and its associated distributed denial-of-service (DDoS) attack, first appeared in 2016 and is similar to the Mirai botnet. For example, it might use some open ports that have been infected with Mirai malware. However, Imperva researchers have not yet determined whether the attack used Mirai malware or any of its variants, and the attacker's intent remains unclear. “It was the largest Layer 7 DDoS attack Imperva has ever seen,” researcher Vitaly Simonovich notes in the blog.
Experts say botnet attacks usually start with the compromise of networked devices. Once malware is installed on these devices, hackers can control them and launch cyber attacks. Because the network cannot distinguish between malicious and legitimate traffic, an attacker can disguise the true purpose of the traffic. The targeted application is then overwhelmed by an extremely high volume of malicious traffic. In general, the more zombies in a botnet, the stronger the DDoS attack. “If you have a DDoS protection solution in place, you’ll want to check to ensure that the mitigation solution can handle an attack of this size,” Simonovich says. “Attackers are continually improving in their capabilities and becoming increasingly more sophisticated, therefore, mitigation solutions should not be overlooked.”
It is understood that many new IoT providers have entered the market since 2016, but few people have learned from past security mistakes. Many IoT devices are still not designed with security in mind. At the beginning of the year, researchers found that nearly 2 million Internet of Things devices have flaws in their built-in software and are highly vulnerable. These devices include security cameras, baby monitors and smart doorbells.