{"id":181798,"date":"2016-10-07T09:03:52","date_gmt":"2016-10-07T07:03:52","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=181798"},"modified":"2016-10-07T09:05:07","modified_gmt":"2016-10-07T07:05:07","slug":"a-look-inside-the-620gbps-ddos-attack","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/181798-a-look-inside-the-620gbps-ddos-attack.html","title":{"rendered":"A look inside the 620Gbps DDoS attack"},"content":{"rendered":"<p>On 20 September, <a href=\"https:\/\/blogs.akamai.com\/2016\/10\/620-gbps-attack-post-mortem.html\" target=\"_blank\"><strong>Akamai successfully defended<\/strong><\/a> against a DDoS attack exceeding 620Gbps &#8211; nearly double that of the previous peak attack on its platform.<\/p>\n<p>That attack generated interest in the role of IoT devices in DDoS attacks and the\u00a0Mirai source code.<\/p>\n<p>\u201cBased on [an]\u00a0investigation and what we know from the DDoS attack, we can confirm that the Mirai botnet was a major participant in the attack,\u201d said Akamai.<\/p>\n<p>\u201cWhile there may have been at least one other botnet involved, we cannot confirm that the attacks were coordinated.\u201d<\/p>\n<p>Akamai said\u00a0it has been tracking the botnet for some time, and published a\u00a0Threat Advisory on its dangers.<\/p>\n<p>&#8220;The Threat Advisory detailed our examination of a known-vulnerable device in order to analyze trends in brute force login attacks on the Internet.&#8221;<\/p>\n<p>&#8220;The device existed on a Public IP and had open ports for listening services such as Telnet, SSH, HTTP, SMTP, and more.&#8221;<\/p>\n<p>&#8220;The first thing we observed was bots using default credentials associated with IoT and then we noticed commands that showed them attempting to load the malware.&#8221;<\/p>\n<p>Akamai\u00a0made the following observations:<\/p>\n<ul>\n<li>100,000 login attempts were made from more than 1,800 IPs.<\/li>\n<li>The top source countries were China 
(64%), Colombia (13%), South Korea (6%), and\u00a0Vietnam (6%).<\/li>\n<li>The most attacked protocols were SSH (57%) and Telnet (42%).<\/li>\n<li>The top usernames were root (75%), admin (10%), shell (6%), and sh (6%).<\/li>\n<li>The most common login attempts were for Internet-connected surveillance cameras and associated DVR units.<\/li>\n<\/ul>\n<p>It said the attack was generated by a botnet that was comprised primarily of Internet of Things devices, such\u00a0as security cameras and DVRs.<\/p>\n<p>The attack also included a substantial amount of traffic connecting directly from the botnet to the target, rather than reflected and\/or amplified traffic, as seen in recent large attacks using NTP and DNS vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Akamai successfully defended against a DDoS attack exceeding 620Gbps, nearly double that of the previous peak attack on its 
platform.<\/p>\n","protected":false},"author":23,"featured_media":123802,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,3340,2242],"class_list":["post-181798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-akamai","tag-ddos"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/181798"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=181798"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/181798\/revisions"}],"predecessor-version":[{"id":181824,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/181798\/revisions\/181824"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/123802"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=181798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=181798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=181798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}