Skip to main content
  1. Home
  2. Computing
  3. News

Internet of Things was the source of largest botnet attack in history

By

botnet cameras iot attack ismartalarm spot security camera 2
Image used with permission by copyright holder
Security news site and blog KrebsonSecurity, was hit by the world’s largest denial of service (DDOS) attack last week, with more than 620 gigabits per second hammering its servers into submission. While astounding in its own right, what’s of more concern is the source: not infected PCs, but internet of things (IOT) devices like cameras and routers.

But the attackers didn’t stop there. Whoever was behind the DDOS was only just getting started. Since then we’ve seen assaults that peaked at over a terabit of data per second, with concerns that the botnet has the potential to deliver a further 50 percent more data if the timing is right.

Recommended Videos

Although as Ars reports, these numbers have yet to be officially confirmed, the sources are rather reliable. It would be easy to dismiss them based on their extravagance, since to date, the largest recorded botnet attack threw 363 gigabits per second of data. However, considering we’ve now seen attacks in excess of three times that much, we would expect to see many more large-scale attacks in the near future.

Please enable Javascript to view this content

Related: Two Israeli teenagers arrested over vDOS DDoS-for-hire service

The reason this was possible at all is because of the Internet of Things. IOT devices have long been considered a security hole in the technological landscape, as they so often operate under the radar, and so receive less scrutiny from users and security professionals. However, they often have the ability to upload a lot of data at once, so it’s not always obvious when they’re used as part of an attack like this one.

We’ve seen hints of IOT devices like home routers being used in DDOS attacks before. The famous downing of the Xbox Live and PlayStation networks in 2015 was in part caused by botnet-connected home network hubs.

Even if you do notice that your IOT device is behaving oddly, reclaiming control of your hardware may not always be easy. By their very nature IOT devices tend to operate behind the scenes, so they often have minimal interfaces or ability to change important settings.

One preemptive security step people can take is to never put their hardware online at all. That may often defeat the point of a bit of smart tech and would of course be redundant for routers or similar devices, but there are a number of devices that don’t really need to be connected online all the time.

At the very least users should change their default passwords. Make them long, make them unique, and change them periodically to play it safe.

Editors’ Recommendations

Topics
Jon Martindale
Jon Martindale
Evergreen writer
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
LG unveils a monster 5K ‘bendable’ OLED gaming monitor
An UltraGear curved monitor on a desk in front of a window.

Ahead of CES 2025, LG has announced new extra-large additions to its line of UltraGear GX9 OLED gaming monitors: one being a massive, 45-inch display with a bendable panel, and the other, a 39-inch "smart" gaming monitor with webOS built-in.

Let's start with the big boy, though, because it has an impressive "world's first" designation behind it. It's the first 5K OLED monitor on the market, featuring a resolution of 5120 x 2160 -- also known as 5K2K. Not only is it the first OLED monitor in general to have a 5K resolution but it's also the first gaming monitor to launch with this higher resolution, normally reserved for high-end creator monitors like the Apple Studio Display.

Read more
Intel quietly opens preorders on new Arrow Lake CPUs
Fingers holding an Intel 285K.

With CES 2025 right around the corner, most of us expect the big announcements to arrive in a week -- but some companies are already teasing new products. In Intel's case, the manufacturer plans to add more CPUs that might compete against some of the best processors. To that end, Intel has now announced preorders for new Arrow Lake CPUs, but most of us can't get our hands on them yet.

As spotted by VideoCardz, Intel China announced that preorders for the Core Ultra 200 non-K CPUs are opening today, with availability planned for January 13. These CPUs will presumably just be non-overclockable versions of existing Arrow Lake chips, such as the Core Ultra 9 285K. In its announcement, Intel teases "new architecture" and "better power consumption."

Read more
It was a horrible year for data breaches. These were the 5 worst in 2024
Person typing on a computer keyboard.

This was a historically awful year in data breaches. We saw some record-breaking breaches this year that got the attention of the public, involving hackers accessing some very sensitive information, including Social Security numbers, credit card numbers, and more.

Let's look back at the worst cybersecurity incidents of the year and let them encourage all of us to be as prudent as we can with our activity online.
National Public Data, where hackers claim to steal 2.9 billion personal records
Background check company National Public Data, also known as Jerico Pictures, suffered one of the worst data breaches when hackers allegedly stole 2.9 billion personal records. The class action lawsuit claimed that hackers leaked critical data such as full names, addresses, and relative information to the dark web.

Read more