Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.
The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.
Security researchers warn that a malicious botnet exploiting internet of things devices for DDoS attacks is rapidly spreading since it was discovered last week.
The Shadowserver Foundation said more than 86,000 IoT devices were compromised by Eleven11bot as of Sunday, which is more than double the total of about 30,000 devices reported as of Friday. Of 86,000 total, about 27,000 of the compromised devices were based in the U.S.
Most of the compromised devices include security cameras and network video recorders, while the targeted organizations include telecom firms and gaming platforms, according to GreyNoise, which is tracking much of the activity.
The botnet is considered one of the largest from a non-state actor since early 2022, when Russia launched an invasion of Ukraine.
The potential impact of these attacks could be very consequential, as there are up to 150,000 devices that may be vulnerable to this activity, according to researchers at Nokia Deepfield, based on data shared by Censys.
The botnet is not only rapidly expanding but a powerful one that has already engaged in damaging threat activity.
The maximum observed attack bandwidth has reached 6.5 Tbps; however, attacks usually are based on fewer bots than found in this Eleven11bot activity. The volume of traffic generated here makes it impractical to use traditional mitigation techniques, such as scrubbing appliances.
“Given these capabilities, there is indeed a real potential impact on critical infrastructure, due to the enormous traffic volumes involved,” Jerome Meyer, security researcher at Nokia Deepfield, said via email.
Get the free daily newsletter read by industry experts
U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
The free newsletter covering the top industry headlines
About The Author
More Stories
Local Infrastructure, Lower Costs: How Peering Is Moving the Needle on Internet Affordability
On Global Accessibility Awareness Day, An Internet for Everyone Must Include Everyone
An Open Fiber Data Standard to Make the Internet for Everyone