Trend Micro Inc.

01/17/2025 | News release | Distributed by Public on 01/17/2025 01:50

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

In recent years, there has been an increase in cases where IoT devices are exploited as a platform for cyberattacks. These devices can become infected with bot malware and be incorporated into a botnet, generating and transmitting a massive amount of traffic, either to cause damage through DDoS attacks or to serve as a stepping stone for intrusion attacks on other networks. The following are some of the factors that make these devices vulnerable to attacks.

  1. Failure to change default settings
    Many users do not change the default settings (especially the default password) of their devices, making it easy for attackers to gain access to the machine's firmware.
  2. Lack of updates
    Old firmware and software often have known vulnerabilities that can be exploited by attackers.
  3. Lack of security features
    Some IoT devices lack sufficient security features, making them more vulnerable to attacks.

Countermeasures to prevent the spread of botnet infection

To prevent or minimize botnet expansion and impact, we recommend the following best practices to improve device security:

  • Immediately change the default username and password to something secure and difficult to brute-force after purchasing the device.
  • Regularly apply the latest firmware and software provided by the manufacturer to prevent attackers from exploiting vulnerabilities and weaknesses in the device.
  • Consider disabling remote access or port forwarding functions that are not in use.
  • Separate IoT devices into a dedicated network to reduce risks to other systems.
  • Review the settings of home routers and avoid opening unnecessary ports.
  • Properly manage and configure machines and other assets, including IoT devices, to eliminate situations where devices are running without being recognized and to avoid leaving unnecessary devices connected but unused.
  • If it is necessary to use the management function from the internet, restrict the access source to the minimum necessary to prevent abuse.

Countermeasures against specific types of DDoS attacks

The DDoS attacks carried out by the IoT botnet discussed in this blog entry are divided into two types: attacks that overload the network by sending a large number of packets, and attacks that exhaust server resources by establishing a large number of sessions. In addition, we observed two or more commands used in combination, making it possible that both network overload attacks and server resource exhaustion attacks occur simultaneously.

Here are some examples of countermeasures that can be considered for each type of attack. We recommend that organizations consider implementing these suggestions, taking into account their environment and consulting with their contracted communication service provider.

Against network overload attacks (a large number of packets):

  • Use a firewall or router to block specific IP addresses or protocols and restrict traffic.
  • Collaborate with communication service providers to filter DDoS traffic at the backbone or edge of the network.
  • Strengthen router hardware to increase the number of packets that can be processed.
  • Perform real-time monitoring and block IP addresses with high communication traffic.

Against server resource exhaustion attacks (a large number of sessions):

  • Use a CDN provider to distribute and mitigate the load of the attack.
  • Limit the number of requests that can be sent by a specific IP address within a certain period of time.
  • Use third-party services to separate attack traffic and process clean traffic.
  • Perform real-time monitoring and block IP addresses with a high number of connections.
  • Detect and block abnormal traffic with IDS/IPS.
  • Use behavioral analysis to cut off clients that have been connected for a long time but have not sent packets.
  • Strengthen server hardware to increase the number of packets that can be processed.
  • Increase the upper limit of server connections to improve availability.
  • Shorten timeout periods to quickly reuse server resources.
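Two of the server-side countermeasures above, the per-IP request cap within a time window and cutting off long-connected clients that send nothing, are shown below as detection logic run over constructed sample data. This is an added example, not code from the original post or from Trend Micro; the IP addresses, timestamps, thresholds and function names are assumptions chosen for illustration.

```python
"""Per-source-IP rate limiting and idle-session reaping over constructed sample data."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2025, 1, 10, 12, 0, 0)

# Constructed sample traffic (not from the original post): (timestamp, source IP).
# 203.0.113.5 sends 12 requests within 3 seconds; 192.0.2.10 sends 4 spread over a minute.
REQUESTS = [(T0 + timedelta(milliseconds=250 * i), "203.0.113.5") for i in range(12)]
REQUESTS += [(T0 + timedelta(seconds=15 * i), "192.0.2.10") for i in range(4)]


def rate_limit_offenders(requests, window_s=10, max_requests=10):
    """Return the set of source IPs that exceed max_requests in any sliding window.

    Each IP keeps a deque of its recent request timestamps; entries older than
    window_s seconds are evicted before the new request is counted, so the cap
    applies to a rolling window rather than fixed clock intervals.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)
    offenders = set()
    for ts, ip in sorted(requests):
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()
        q.append(ts)
        if len(q) > max_requests:
            offenders.add(ip)
    return offenders


# Constructed sample of open sessions: (source IP, connected_at, last_packet_at).
NOW = T0 + timedelta(minutes=5)
SESSIONS = [
    ("203.0.113.9", T0 - timedelta(minutes=30), T0 - timedelta(minutes=30)),  # silent ~35 min
    ("192.0.2.10", NOW - timedelta(seconds=20), NOW - timedelta(seconds=5)),   # active
    ("198.51.100.4", T0, T0),                                                   # silent 5 min
]


def idle_sessions(sessions, now=NOW, max_idle_s=60):
    """Return IPs of sessions that have sent nothing for longer than max_idle_s seconds.

    Lowering max_idle_s is the 'shorten timeout periods' countermeasure: resources
    held open by silent connections are released sooner.
    """
    return [ip for ip, _, last in sessions if now - last > timedelta(seconds=max_idle_s)]


if __name__ == "__main__":
    print("rate-limit offenders:", rate_limit_offenders(REQUESTS))
    print("idle sessions to cut:", idle_sessions(SESSIONS))
```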

In addition, other types of DDoS attacks may be carried out by other IoT botnets. For an overview of such DDoS attacks and countermeasures against them, please refer to the guide provided by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Conclusion

As seen in the recent botnet attacks, the use of infected devices can result in attacks crossing physical borders and causing significant damage to targeted countries or regions. It is essential to thoroughly implement IoT device security measures to avoid becoming an "accomplice" to such attacks. By taking proactive steps to secure IoT devices, individuals and organizations can help prevent the spread of botnets and protect against potential cyberthreats linked with these types of attacks.

Indicators of Compromise

The indicators of compromise for this entry can be found here.