Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices
Latest Developments in Mirai Botnet DDoS Attacks and IoT Device Exploitation
Record-Breaking DDoS Attacks
In the last quarter of 2024, the cybersecurity landscape witnessed several significant events related to Mirai botnet variants and their role in Distributed Denial-of-Service (DDoS) attacks.
- Cloudflare's Record-Breaking Mitigation: On October 29, 2024, Cloudflare mitigated the largest DDoS attack ever recorded, peaking at 5.6 Terabits per second (Tbps). This attack, originating from a Mirai-variant botnet comprising over 13,000 compromised Internet of Things (IoT) devices, targeted an Internet Service Provider (ISP) in Eastern Asia. The attack lasted only 80 seconds and was neutralized by Cloudflare's autonomous defense systems without human intervention or service disruptions.
IoT Device Exploitation
Mirai botnet variants continue to exploit vulnerabilities in IoT devices to build large botnets.
- Murdoc_Botnet: A new Mirai variant, known as Murdoc_Botnet, has been identified exploiting security flaws in AVTECH IP cameras and Huawei HG532 routers. This botnet leverages vulnerabilities such as CVE-2017-17215 and CVE-2024-7029 to infect over 1,370 devices globally, primarily in Malaysia, Mexico, Thailand, Indonesia, and Vietnam. The botnet is used for DDoS attacks and other malicious activities.
- Gayfemboy Botnet: Another Mirai variant, named gayfemboy, has been exploiting a security flaw in Four-Faith industrial routers since early November 2024 to launch DDoS attacks.
Cloudflare's Cybersecurity Report 2024
Cloudflare's latest DDoS Threat Report for Q4 2024 provides several key insights into the evolving threat landscape:
- DDoS Attack Trends: The report highlights a 53% annual increase in DDoS incidents, with 6.9 million DDoS attacks mitigated in Q4 2024 alone. Hyper-volumetric attacks (exceeding 1 Tbps) saw a staggering 1,885% increase compared to Q3 2024.
- Attack Vectors: The most common attack methods included SYN floods (38%), DNS floods (16%), and UDP floods (14%). Mirai botnet variants drove a 131% increase in network-based attacks. Memcached-based amplification attacks and BitTorrent-related DDoS abuse also saw significant increases, by 314% and 304%, respectively.
- Targeted Sectors: Telecommunications, Service Providers, and Carriers were the most targeted sectors, overtaking Banking & Financial Services. China remained the most attacked country, followed by the Philippines and Taiwan.
- Ransom DDoS (RDDoS) Attacks: There was a notable rise in RDDoS attacks, with 12% of targeted Cloudflare customers facing ransom demands, marking a 78% quarter-over-quarter increase.
- Geographical Distribution: Indonesia remained the leading origin of DDoS traffic, followed by Hong Kong and Singapore. The attacks often originated from high-density network regions, complicating attribution efforts.
Mitigation and Best Practices
To safeguard against these attacks, several recommendations have been made:
- Monitoring and Updates: Monitor processes, events, and network traffic spawned by the execution of any untrusted binary or script. Applying firmware updates promptly and changing default usernames and passwords on IoT devices are also crucial.
- Automated Defenses: Given the brevity and intensity of modern DDoS attacks, Cloudflare emphasizes the necessity of always-on, automated defenses. Real-time human intervention is often impractical for an attack lasting under two minutes, making AI-driven mitigation strategies essential.
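As an added illustration of the network-traffic monitoring recommended above, tied to the attack vectors the report names (SYN, DNS and UDP floods, Memcached amplification), here is a small Python classifier that runs over constructed flow records and raises a per-vector alert when the packet rate in a window exceeds a threshold. It is example code written for this page, not Cloudflare's detection logic; the record fields, the flag-based SYN heuristic and the threshold values are assumptions.

```python
from collections import Counter

# Constructed sample of flow records (not real telemetry): protocol, source and
# destination port, TCP flags, packet count and a timestamp in seconds.
SAMPLE_FLOWS = [
    {"proto": "tcp", "sport": 40001, "dport": 443, "flags": "S", "pkts": 800, "ts": 0},
    {"proto": "tcp", "sport": 40002, "dport": 443, "flags": "S", "pkts": 900, "ts": 5},
    {"proto": "tcp", "sport": 40003, "dport": 443, "flags": "SA", "pkts": 10, "ts": 6},
    {"proto": "udp", "sport": 50000, "dport": 53, "flags": "", "pkts": 300, "ts": 7},
    {"proto": "udp", "sport": 11211, "dport": 8080, "flags": "", "pkts": 1200, "ts": 8},
    {"proto": "udp", "sport": 51000, "dport": 9999, "flags": "", "pkts": 50, "ts": 9},
]


def classify_flow(flow):
    """Map one flow record to a vector category from the report (assumed heuristic)."""
    if flow["proto"] == "tcp":
        # SYN-only flows that never carry an ACK are the signature of a SYN flood
        return "syn_flood" if flow["flags"] == "S" else None
    if flow["proto"] == "udp":
        if flow["sport"] == 11211:
            # Replies sourced from the memcached port are reflected amplification
            return "memcached_amplification"
        if flow["dport"] == 53:
            return "dns_flood"
        return "udp_flood"
    return None


def detect_floods(flows, window_s, pps_threshold):
    """Sum packets per vector over the window and flag vectors above pps_threshold."""
    pkts = Counter()
    for flow in flows:
        vector = classify_flow(flow)
        if vector:
            pkts[vector] += flow["pkts"]
    return {
        vector: {"pps": count / window_s, "alert": count / window_s >= pps_threshold}
        for vector, count in pkts.items()
    }


if __name__ == "__main__":
    for vector, result in detect_floods(SAMPLE_FLOWS, window_s=10, pps_threshold=100).items():
        print(f"{vector:25s} {result['pps']:8.1f} pps  alert={result['alert']}")
```

In production the records would come from sampled NetFlow/sFlow exports and the threshold from a per-link baseline, but the shape of the check is the same.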
These developments underscore the growing sophistication and scale of DDoS attacks, particularly those leveraging IoT device vulnerabilities, and highlight the importance of robust cybersecurity measures and transparency in combating these threats.