Security researchers warn that a malicious botnet exploiting internet of things devices for DDoS attacks is rapidly spreading since it was discovered last week.
The Shadowserver Foundation said more than 86,000 IoT devices were compromised by Eleven11bot as of Sunday, which is more than double the total of about 30,000 devices reported as of Friday. Of 86,000 total, about 27,000 of the compromised devices were based in the U.S.
Most of the compromised devices include security cameras and network video recorders, while the targeted organizations include telecom firms and gaming platforms, according to GreyNoise, which is tracking much of the activity.
The botnet is considered one of the largest from a non-state actor since early 2022, when Russia launched an invasion of Ukraine.
The potential impact of these attacks could be very consequential, as there are up to 150,000 devices that may be vulnerable to this activity, according to researchers at Nokia Deepfield, based on data shared by Censys.
The botnet is not only rapidly expanding but a powerful one that has already engaged in damaging threat activity.
The maximum observed attack bandwidth has reached 6.5 Tbps; however, attacks usually are based on fewer bots than found in this Eleven11bot activity. The volume of traffic generated here makes it impractical to use traditional mitigation techniques, such as scrubbing appliances.
“Given these capabilities, there is indeed a real potential impact on critical infrastructure, due to the enormous traffic volumes involved,” Jerome Meyer, security researcher at Nokia Deepfield, said via email.