There has been another worrying development when it comes to massive-scale DDoS attacks, with the latest victim being an entire country – Liberia over in Africa, to be precise.
And as you won’t be surprised to hear if you’ve been following these stories, this is another assault which leverages the Mirai botnet to fire tons of traffic at the victim – that’s been the source of all these big attacks since the first massive volley against security researcher Brian Krebs (which reached some 620Gbps).
As ZDNet spotted, apparently the Mirai botnet employed in the attacks against Liberia is known as Botnet #14, and security expert Kevin Beaumont observes this is the largest such botnet – consistently capable of producing over 500Gbps – which appears to also be the source of the recent massive attack on Dyn.
The hit on Dyn, which is a DNS provider, caused a massive web outage a fortnight ago, knocking out all manner of sites including Twitter, Netflix and Spotify.
Liberia has apparently suffered at the hands of a number of DDoS attacks which are short by nature, but worrying because they’re pretty much taking the entire country offline.
As Beaumont observes, that’s because Liberia relies on a single pipe for its internet access, and so has a single point of failure (and it’s not the only country like this). Websites hosted in Liberia were downed, and a journalist Beaumont spoke to said that internet connectivity was going offline at times matching the DDoS blasts.
Beaumont noted: “The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”
The truth is that few people are on the internet in Liberia anyway – only around one in 20 of the population – but ZDNet also managed to get some confirmation from a person returning to the country, who said they experienced ‘minor interruptions’ to their internet usage on Wednesday evening.
But given the low-profile target country and the very short nature of the attacks, it seems that this is just the botnet’s owner(s) testing out firepower against a nation. It’s what might come next that’s worrying, of course, when the DDoS cannons are aimed and let loose with a sustained barrage.
As we saw with the Dyn affair, the sort of damage these large-scale attacks can now muster is quite frightening. And worse still, there’s the prospect of Mirai being cranked up in terms of its potential power as more easily compromised IoT devices (security cameras, DVRs, routers and so on) are hacked and join the massing botnet ranks.
The other major concern is the use of possible DDoS amplification techniques, such as the one we reported on last month, which could potentially be used to inflict assaults of 35Tbps or even more by seriously powering up these botnet-based attacks.