In a series of tweets in September 2016, Octave Klaba, founder and CTO of French hosting and cloud provider OVH, described what was at the time likely the largest DDoS attack ever recorded. Klaba stated that "we got lot of huge DDoS. Here, the list of 'bigger that 100Gbps' only. You can see the simultaneous DDoS are close to 1Tbps !" In the same tweet, Klaba shared an image showing the TCP packet types that were flooding OVH's servers, identified by their flag combinations: tcp/ack, tcp/ack+psh, and tcp/syn. Of these, only the SYN packets are actual handshake requests; bare ACK and ACK+PSH packets mimic traffic on already-established connections, which makes them harder to drop without connection state.
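To make the three packet categories concrete, here is an added example (not code from the original article or from OVH) that builds minimal TCP headers, classifies them by flag bits, and applies a simple heuristic: a high aggregate packet rate with no single source dominating points to a botnet rather than one misbehaving host. The capture, the IP ranges, and the thresholds (`min_pps`, `max_single_share`) are constructed assumptions for illustration; the per-IP rates are chosen to echo the modest "1-30Mbps per IP" figure Klaba cited.

```python
import struct
from collections import Counter

# TCP flag bits; the flags live in byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_tcp_header(src_port, dst_port, flags, seq=0, ack_num=0, window=65535):
    """Build a minimal 20-byte TCP header (no options). Checksum and urgent pointer are left zero."""
    data_offset = 5 << 4  # header length in 32-bit words (5 = 20 bytes), reserved bits zero
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack_num,
                       data_offset, flags, window, 0, 0)


def parse_tcp_flags(header):
    """Return the flags byte from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13]


def classify_flags(flags):
    """Bucket a flags byte into the three packet types named in the OVH tweet."""
    if flags & SYN and not flags & ACK:
        return "tcp/syn"          # connection attempt; a flood fills the listener's SYN backlog
    if flags & ACK and flags & PSH:
        return "tcp/ack+psh"      # looks like in-session data; hard to filter statelessly
    if flags & ACK and not flags & (SYN | FIN | RST):
        return "tcp/ack"          # bare ACK; in a flood there is no matching established connection
    return "other"                # SYN+ACK, FIN, RST, ...: not part of the reported flood mix


def flood_profile(packets):
    """packets: iterable of (src_ip, raw_tcp_header). Returns (count per type, count per source)."""
    by_type, by_src = Counter(), Counter()
    for src, hdr in packets:
        by_type[classify_flags(parse_tcp_flags(hdr))] += 1
        by_src[src] += 1
    return by_type, by_src


def flood_verdict(packets, window_s, min_pps=1000, max_single_share=0.05):
    """Heuristic (thresholds are illustrative assumptions): a high aggregate rate where no
    single source contributes more than a small share indicates a distributed flood."""
    by_type, by_src = flood_profile(packets)
    total = sum(by_type.values())
    top_share = max(by_src.values()) / total if total else 0.0
    flood_types = by_type["tcp/syn"] + by_type["tcp/ack"] + by_type["tcp/ack+psh"]
    return {
        "pps": total / window_s,
        "sources": len(by_src),
        "top_source_share": top_share,
        "flood_type_share": flood_types / total if total else 0.0,
        "distributed_flood": total / window_s >= min_pps and top_share <= max_single_share,
    }


def sample_packets():
    """Constructed one-second capture: 300 bots sending 20 SYNs each, 100 bots sending
    10 ACK+PSH packets each, plus one legitimate client completing a short session."""
    pkts = []
    for i in range(300):
        src = f"10.0.{i // 256}.{i % 256}"
        pkts += [(src, build_tcp_header(40000 + i, 80, SYN, seq=i))] * 20
    for i in range(100):
        src = f"10.1.0.{i}"
        pkts += [(src, build_tcp_header(50000 + i, 80, ACK | PSH, seq=1, ack_num=1))] * 10
    legit = "192.0.2.10"
    pkts += [
        (legit, build_tcp_header(51234, 80, SYN, seq=100)),
        (legit, build_tcp_header(51234, 80, ACK, seq=101, ack_num=1)),
        (legit, build_tcp_header(51234, 80, ACK | PSH, seq=101, ack_num=1)),
        (legit, build_tcp_header(51234, 80, FIN | ACK, seq=200, ack_num=1)),
    ]
    return pkts


if __name__ == "__main__":
    by_type, by_src = flood_profile(sample_packets())
    print(dict(by_type))
    print(flood_verdict(sample_packets(), window_s=1))
```

The classifier alone cannot tell a flood packet from a legitimate one; the legitimate client's SYN and ACK+PSH land in the same buckets as the bots' traffic. What distinguishes the attack in this model is the shape of the source distribution, which is why real mitigation relies on connection state (SYN cookies, tracking established flows) and on capacity rather than on flag matching.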
In another tweet, Klaba attributed the attack to a botnet of IoT devices such as CCTV cameras and DVRs. The tweet focused on "145607 cameras/dvr (1-30Mbps per IP)" that are "able to send >1.5Tbps DDoS." The lesson is that any Internet-exposed IoT device with weak or default credentials can be absorbed into a botnet like the one used against OVH. As Swati Khandelwal of The Hacker News astutely observed, "IoT-powered DDoS attacks have now reached an unprecedented size, as it is too easy for hackers to gain control of poorly configured, or vulnerable IoT devices."
With DDoS attacks launched from compromised IoT devices becoming an epidemic, the security community needs to take a more active role in preventing them. Some cybersecurity experts have already identified the root cause that lets IoT devices be hijacked so easily. In an interview with SC Magazine, Richard Meeus of NSFOCUS said that ease of use lies behind many of the flaws that allow botnets to be built from IoT devices. Much of this comes down to "cut-down versions of standard operating systems," which leave out-of-the-box devices with no encrypted communication and default passwords that are never changed.
The basic concept here is the tension every security professional faces between security and convenience. Botnets like the one used against OVH are the result of manufacturers choosing convenience and compromising security in the process. Another takeaway is that DDoS mitigation providers will have to work that much harder to keep their clients' servers from being overwhelmed. An attack that peaks at just over 1 Tbps is enormous by any standard, and it means that absorbing DDoS traffic has become that much harder: mitigation capacity now has to scale with the combined bandwidth of hundreds of thousands of compromised devices, not with the output of any single machine.
Photo credit: Kirk Lau, Octave Klaba