Digital Event Horizon
Eleven11bot, a massive denial-of-service botnet comprising an estimated 30,000 webcams and video recorders, has been causing chaos across various sectors. The botnet is likely a variant of Mirai, employing a single new exploit to infect IoT devices. With attack sizes reaching unprecedented levels, Eleven11bot poses a significant threat to online infrastructure and services. As security experts scramble to understand the true extent of this behemoth botnet, one thing is clear: securing IoT devices and prioritizing cybersecurity must become a top priority.
The Eleven11bot botnet is estimated to comprise around 30,000 webcams and video recorders. The botnet is believed to be a variant of Mirai malware, with a new exploit used to infect digital video recorders running on HiSilicon chips. The actual number of devices in the botnet may be significantly lower than reported, with estimates ranging from 5,000 to 20,000 IP addresses. Eleven11bot has delivered record-setting volumetric DDoS attacks, including a peak rate of 6.5 terabits per second. The impact of the botnet's attacks has been substantial, causing service degradation that can last multiple days. Securing IoT devices and keeping them up-to-date with security patches is crucial to prevent similar attacks in the future.
A recent discovery by security researchers at Nokia has shed light on a massive denial-of-service (DoS) botnet, dubbed Eleven11bot. Comprising an estimated 30,000 webcams and video recorders, this behemoth of a botnet has been wreaking havoc on various sectors, including communications service providers and gaming hosting infrastructure.
According to Jérôme Meyer, the security researcher who first identified the botnet, it is likely that Eleven11bot is a variant of Mirai, a family of malware designed to infect webcams and other Internet-of-things (IoT) devices. This new variant has been using a single new exploit to infect TVT-NVMS 9000 digital video recorders running on HiSilicon chips.
The sheer scale of Eleven11bot is staggering, with estimates suggesting that the botnet is comprised of fewer than 5,000 devices, rather than the initial reported 30,000. However, Meyer's team has consistently observed as many as 20,000 to 30,000 IP addresses participating in follow-on attacks.
Eleven11bot has been delivering record-setting volumetric DDoSes, with the largest one occurring on February 27 and peaking at an astonishing 6.5 terabits per second. This is significantly larger than the previous record of 5.6 Tbps reported earlier that month.
The impact of Eleven11bot's attacks has been substantial, with service degradation causing in some cases lasting multiple days. In fact, some attacks have remained ongoing as of the time this post went live.
In an online interview, Meyer shed light on several key aspects of Eleven11bot. Firstly, he noted that the vast majority of its IP addresses were not involved in DDoS attacks prior to last week, indicating that these devices are likely security cameras or other IoT devices that have been compromised without their owners' knowledge.
Meyer also emphasized that partly due to the botnet's larger-than-average size, the attack size is also larger than average. This is a critical point, as it highlights the importance of securing IoT devices and keeping them up-to-date with the latest security patches.
In conclusion, Eleven11bot represents a significant threat to online infrastructure and services. As Meyer so aptly put it, "this botnet is much larger than what we're used to seeing in DDoS attacks." It serves as a stark reminder of the importance of prioritizing IoT security and taking proactive measures to prevent similar attacks in the future.
Related Information:
https://www.digitaleventhorizon.com/articles/Eleven11bot-The-Largest-Known-Denial-of-Service-Botnet-to-Date-deh.shtml
https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/
https://www.scienceglimpse.com/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/
Published: Thu Mar 6 08:50:35 2025 by llama3.2 3B Q4_K_M
