TLDR: A new botnet, Eleven11bot, is responsible for record-size DDoS attacks, affecting thousands of devices including webcams and video recorders. The botnet’s massive scale and hyper-volumetric attacks are disrupting critical services. Learn what this means for cybersecurity and how Isogent can help secure your systems.
The Rise of Eleven11bot: What It Means for Cybersecurity and Your Business
In recent news, cybersecurity researchers have uncovered a new and highly concerning botnet known as Eleven11bot. This botnet, powered by thousands of IoT devices including webcams and video recorders, has been delivering some of the largest DDoS attacks ever seen. The attacks, measuring up to a staggering 6.5 terabits per second, are not only larger than what we’ve seen before but also more sophisticated, leveraging previously unexplored vulnerabilities.
Here’s everything you need to know about the rise of Eleven11bot and how it affects your business.
What Is Eleven11bot?
Eleven11bot is a botnet made up of over 30,000 devices, primarily located in the US and other global hotspots like Taiwan and the UK. Unlike traditional botnets that are controlled by malware designed to infect multiple types of devices, Eleven11bot specifically targets IoT devices—webcams, digital video recorders (DVRs), and similar devices often left unsecured. These devices are commonly used for security and monitoring purposes, yet their lack of strong passwords and outdated firmware make them prime targets for exploitation.
As reported by Nokia’s Deepfield Emergency Response Team, Eleven11bot is delivering hyper-volumetric DDoS attacks, a category of attack that floods a network with enormous amounts of data, rendering it impossible for the target to continue functioning. In some instances, attacks have lasted for days, and the disruptions have had widespread effects on sectors such as communications and gaming infrastructure.
How Eleven11bot Differs from Other Botnets
What makes Eleven11bot stand out from previous botnets, like Mirai (which was responsible for the infamous 2016 DDoS attacks), is its ability to cause hyper-volumetric attacks—the largest of their kind. Previous DDoS attacks were measured in the range of gigabits per second. However, Eleven11bot has ramped up the stakes to terabits per second, creating significant strain on any system unlucky enough to be targeted.
Another key difference is that the majority of devices involved in Eleven11bot had never participated in DDoS attacks before. This highlights a dangerous trend in botnet activity: newly compromised devices entering the fray can create an ever-expanding army of malicious machines that are difficult to track and neutralize.
The Impact of Hyper-Volumetric Attacks
Hyper-volumetric attacks are particularly dangerous because they flood the target with so much traffic that it consumes all the available bandwidth, preventing legitimate traffic from reaching the server or network. Unlike traditional DDoS attacks that aim to exhaust computing resources, hyper-volumetric attacks focus on overwhelming the connection itself.
The latest attack from Eleven11bot, which peaked at 6.5 Tbps, has been the largest known attack to date. This is a major leap forward from previous attacks, which hovered around 5 Tbps. The scale of these attacks could easily cripple even the most robust IT infrastructures, especially those without proper protections in place.
How Does Eleven11bot Work?
Eleven11bot operates on a variant of the Mirai botnet, using IoT devices like webcams and DVRs to conduct its operations. These devices are often exploited by default passwords or weaknesses in their security protocols, making them an easy target for attackers.
A common method for infecting devices involves exploiting default usernames and passwords or bypassing weak security settings. Once compromised, these devices are used to launch DDoS attacks against unsuspecting targets, taking down websites and services with overwhelming traffic.
Protecting Your Business From Botnets
While large botnets like Eleven11bot represent a significant threat to businesses, there are several steps you can take to protect your organization’s network from these types of attacks.
Here are a few critical steps that can help safeguard your business:
- Secure Your IoT Devices: Ensure that all connected devices have strong, unique passwords and are configured with the highest security settings.
- Segment Networks: Isolate IoT devices from critical business systems to reduce the risk of a breach.
- Regularly Update Firmware: Keep the firmware on all devices up-to-date to minimize vulnerabilities.
- Implement DDoS Protection: Invest in DDoS mitigation services to ensure that your infrastructure can withstand large-scale attacks.
- Monitor Traffic: Use network monitoring tools to detect unusual traffic patterns that might signal an impending attack.
Conclusion: How Isogent Can Help
The rise of Eleven11bot underscores the growing need for businesses to stay vigilant and proactive in their cybersecurity efforts. While botnets continue to evolve, Isogent is here to help businesses protect their data and infrastructure from these ever-changing threats.
By implementing robust network security measures, investing in DDoS protection, and securing IoT devices, Isogent ensures that your business stays ahead of these evolving threats. We don’t just help with technology—we help protect your most valuable assets, like your data, from attackers who are constantly looking for new ways to exploit vulnerabilities.
Contact Isogent today to learn how our solutions can help you fortify your IT infrastructure and protect your business from emerging threats like Eleven11bot.
Sources:
