IoT home routers used to launch application-level DDoS attack

Eight different brands of Internet of Things (IoT) home routers were compromised and used to create botnets that launched an application-level distributed-denial-of-service (DDoS) attack against a website's multiple servers.

The application-level DDoS, or Layer 7 HTTPS flood attack, was discovered by security firm Sucuri.

The campaign generated more than 120,000 HTTPS requests per second (RPS) using 47,000 IP addresses, according to a blog post by Sucuri founder and CTO Daniel Cid. “While we have seen routers being used maliciously in the past, we have never seen them used at this scale,” wrote Cid.

The attack leveraged devices from multiple router providers, including 6,015 Huawei Enterprise routers (device versions HG8245H, HG658d, and HG531), 2,119 Mikro RouterOS devices, and 245 AirOS router devices manufactured by Ubiquiti Networks.

NuCom 11N Wireless Routers, Dell SonicWalls, Vodafone, Netgear, and Cisco-IOS routers were also exploited and used in the attack.

Last week, Level 3 Threat Research Labs and Flashpoint discovered IoT devices targeted by the Lizkebab family of malware (also known as Bashlite, Torlus, or gafgyt) in order to create DDoS botnets. 
