Record-breaking digital attacks from the same unnamed individual or group have recently taken down a host of online sites.
According to Forbes, these significant distributed denial of service (DDoS) attacks even successfully knocked independent cybersecurity news site Krebs on Security offline last week with somewhere between 600 gigabits per second and 700 gigabits per second of traffic.
Two sources familiar with the attacks told Forbes that the victims targeted by the hacker crew are being hit by tens of thousands of Internet of Things (IoT) devices, such as unsecure routers, digital video recorders and connected IP cameras.
These connected devices have been reported as vulnerable to hacks and, when compromised, can be used to send extremely large volumes of traffic to a site.
According to Forbes, connected cameras have become a popular tool among cybercriminals.
French hosting giant OVH, which was recently attacked with more than 1,100 gigabits per second of traffic, reported that the botnets it was hit by consisted of 145,607 cameras and DVRs.
While it’s difficult to track the source of the attacks, the majority of the online traffic hitting the victimized sites has originated from China, South Korea, Taiwan and Vietnam.
“The collateral damage footprint can be quite broad and deep. In many cases, collateral damage inflicted on bystander organizations and disruption of their internet traffic is even greater than the direct effects on the actual targets of the attack,” Roland Dobbins, a principal engineer at Arbor Networks, noted.
“ISPs and enterprises who purchase such devices should insist on adherence to well-known industry security practices of this nature and should test any IoT-type devices they’re considering purchasing in order to validate that those devices are secure by default and can’t be abused to launch DDoS attacks or be compromised in others ways,” he continued.