Largest DDoS attack ever delivered by botnet of hijacked IoT devices

Largest DDoS attack ever delivered by botnet of hijacked IoT devices
Attack proved too draining for Akamai to keep fighting it
Securing the internet of things should become a major priority now that an army of compromised devices – perhaps 1 million strong – has swamped one of the industry’s top distributed denial-of-service protection services.
A giant botnet made up of hijacked internet-connected things like cameras, lightbulbs, and thermostats has launched the largest DDoS attack ever against a top security blogger, an attack so big Akamai had to cancel his account because defending it ate up too many resources.
It wasn’t that Akamai couldn’t mitigate the attack – it did so for three days – but doing so became too costly, so the company made a business decision to cut the affected customer loose, says Andy Ellis the company’s chief security officer.
The delivery network has dropped protection for the Krebs on Security blog written by Brian Krebs after an attack delivering 665Gbps of traffic overwhelmed his site Tuesday. The size of the attack was nearly double that of any Akamai had seen before.
KrebsOnSecurity moves to [Google’s] Project Shield for protection against DDoS attack censorship

  His site has been protected by Prolexic, which was acquired by
Akamai; yet after sustained attacks were hitting his site with
about 620 Gbps of junk data, Akamai opted to stop providing
Krebs with pro bono protection service; protecting his site
was affecting the company’s paying customers.  Akamai, which
Krebs does not fault for dropping him, claimed a sustained
DDoS attack against Krebs’ site could have cost millions of
dollars to mitigate. Akamai told The Boston Globe that the
scale of attack on Krebs “stunned its engineers” since it was
“almost twice as much traffic as Akamai had ever seen in a
previous attack.” … Yet Krebs needed to bring his site back
up, so he opted for Project Shield which offers “free,
unlimited protection.” The service is built on Google Cloud
Platform in order “to protect news sites and free expression
from DDoS attacks on the web.”

About Educational CyberPlayGround, Inc.®

Educational CyberPlayGround, Inc. strives to help Teachers, Parents, and Policy Makers Learn about: Music, Teaching, Internet, Technology, Literacy, Arts and Linguistics in the K12 classroom.
This entry was posted in NetHappenings. Bookmark the permalink.