A New Global DDoS Threat Hit DDoS-GUARD Clients

Analysts predicted in early 2017 that a new botnet more powerful than Mirai would emerge. However, despite the warnings, IoT manufacturers did not eliminate the backdoors.

Frankfurt am Main, Germany, November 05, 2017 --(PR.com)-- This led to a new wave of massive, high-volume attacks, which began in mid-October and are still raging. The new botnet hit the DDoS-GUARD clients from Germany - the well-known media library - on October 25, 2017. The peak fell on the night of October 26th to October 27th. The source of the DDoS attack was 4.5 million devices worldwide (over 200 countries, including the USA).

Botnet geography is as follows (by number of attacking requests):

USA - 63.05%
UK - 16.58%
Canada - 7.62%
The Netherlands - 1.62%
Australia - 1.6%
Germany - 0.69%
Ireland - 0.62%
Israel - 0.62%
South Africa - 0.62%
Greece - 0.5%
The rest of the world - 6.48%

Parasitic traffic was coming from the networks of large providers in the USA, UK, Canada, Malaysia and other countries. Among them are Comcast Cable Communications, Time Warner Cable Internet, Verizon, AT&T Services, Virgin Media Limited, British Telecommunications PLC, Sky UK Limited, Charter Communications, etc.

[Figure: Distribution of attacking requests by source autonomous system]

By the nature of their traffic, the DDoS attacks of October 25-27 can be classified as Pulse Wave (when the power drops and rises with the same frequency), but with a planned increase in power from period to period. Interestingly, the hackers alternated between bots from different countries. The most active ones are shown on the map.

IOtroop / REAPER is currently generating a DDoS attack on another resource under the protection of DDoS-GUARD - a telecom operator from Taiwan. The amount of garbage traffic at the peak reaches 160 Gbps / 150 Mpps; DDoS-GUARD filters are successfully coping with the attack.

The botnet, which allegedly consists of routers and IP cameras, attacks victims from all over the world - its activity is recorded and studied not only in Russia, but also in China, the USA and Israel. The bots generated an HTTP flood at L7. Those responsible for the new wave of DoT (DDoS through IoT) have not yet advertised themselves on the Internet. DDoS-GUARD specialists continue to analyze the attacking traffic.
Contact
DDoS-GUARD
Olga Brevde
+31 208 087 317