Yandex, the Russian version of Google, was hit with the largest DDoS attack in the history of the Internet. This attack followed a different attack in August that at the time was three times larger than the largest on record. A distributed denial-of-service (DDoS) attack occurs when a criminal uses compromised computers or other IoT devices to bombard a server, service, or network with requests. It’s a purposeful traffic jam to take down a targeted website. The network of compromised devices being weaponized is called a botnet.
In August, Cloudflare said they stopped a DDoS attack against a financial institution. That attack peaked at 17.2 million requests-per-second and was the largest until this recent attack on Yandex. The more recent Yandex attack peaked at 21.8 million requests-per-second, so the strength of the botnet is growing. Both attacks are attributed to a hacker group called Meris.
The botnet is made up of unsecured routers manufactured by a single company. The hacker group found a way into routers and are using them to overload the website of their choosing. Criminals are able to create these botnets because companies sell cheap, unsecure devices that consumers buy and put on the internet. These devices are usually much cheaper than their secure competitor.
The company who makes the routers say they have fixed the firmware, but the majority of routers online are using an earlier version of the firmware that’s still vulnerable.
“The biggest contributor to the IoT botnet problem — a plethora of companies white-labeling IoT devices that were never designed with security in mind and are often shipped to the customer in default-insecure states — hasn’t changed much, mainly because these devices tend to be far cheaper than more secure alternatives.” Krebs on Security
The devices you have connected to your home and business network matter. Devices should be patched and updated often because when issues are found, they are repaired. If your device is working on a three-year-old version of the firmware, you’re opening up your network to vulnerabilities. Additionally, quality devices make a difference. These IoT devices are security cameras or baby monitors, but they can also be industrial sensors or manufacturing devices. Any device connected to the Internet is susceptible.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
