A newly identified botnet called Eleven11bot is reportedly responsible for delivering some of the largest DDoS attacks in history, consisting of approximately 30,000 infected webcams and video recorders, primarily located in the United States. This discovery came to light in late February when security researchers from Nokia’s Deepfield Emergency Response Team detected massive amounts of data being sent to various targets globally, marking the botnet’s substantial activity.
DDoS attacks of this type consume bandwidth by overwhelming the targeted network or its Internet connection. The Eleven11bot has been effective in executing “hyper-volumetric” attacks, which generate immense data loads, sometimes exceeding 6.5 terabits per second—setting a new record surpassing a previous peak of 5.6 terabits per second just a month before.
The botnet’s distinct feature is not only its size but also the extraordinary volume of data it can generate, impacting various sectors from communication services to gaming infrastructures. Attacks can involve flooding connections with data packets, stressing system resources and causing significant service interruptions. The reach of the botnet is impressive, with around 24.4% of the compromised IP addresses located in the U.S., followed by Taiwan and the U.K.
Interestingly, most of the targeted devices had not been reported to participate in DDoS activity before the emergence of Eleven11bot. This sudden spike in participation suggests a rapid deployment strategy or a newly discovered method exploited by the botnet. Security experts indicate that Eleven11bot could be a variant of the infamous Mirai botnet, known for compromising IoT devices, primarily by using default security credentials and inserting new vulnerabilities to expand its reach.
Confusion arose regarding the botnet’s actual size, with estimates varying widely—from 30,000 devices to claims suggesting over 86,000, and even a more conservative number under 5,000. Experts believe that discrepancies stem from how device information is displayed post-infection, complicating accurate assessments of the botnet’s scale.
Overall, the rise of the Eleven11bot serves as a stark reminder of the vulnerabilities within IoT devices and the importance of securing these technologies against potential exploitation. It’s crucial for users to protect their IoT devices by employing strong passwords, ensuring network privacy, and applying software updates promptly to mitigate risks.
