Authorities disrupt command servers for IoT botnets behind record DDoS attacks

In a Justice Department press release, the agency said U.S. authorities, with partners in Canada and Germany, disrupted command and control infrastructure used by multiple Internet of Things botnets on Thursday, and that some attacks measured about 30 terabits per second.

KEY FACTS

  • Incident: Disruption of C2 infrastructure for multiple IoT botnets
  • Botnets: AISURU, Kimwolf, JackSkid and Mossad
  • Infected devices: At least 3 million devices worldwide
  • Peak attack size: Approximately 30 terabits per second

U.S. law enforcement worked with Canadian and German authorities and private firms including Akamai, Amazon Web Services and Cloudflare to identify and disrupt the servers controlling the botnets.

One botnet, Kimwolf, conscripted more than 2 million Android devices, mainly off-brand smart TVs and set-top boxes, by exploiting residential proxy networks and compromised home devices.

The report lists counts of issued DDoS commands for each botnet as follows: AISURU more than 200,000 commands, Kimwolf more than 25,000 commands, JackSkid more than 90,000 commands and Mossad more than 1,000 commands.

Lumen Black Lotus Labs null-routed nearly 1,000 of the identified C2 servers, and private sector partners provided technical data such as configuration samples and attack telemetry to support the action.

WHY IT MATTERS

Large IoT botnets can generate hyper-volumetric DDoS traffic that overwhelms network infrastructure and cloud mitigation services, enabling widespread service disruptions and extortion attempts.