Cybercriminals have combined multiple botnets to carry out devastating DDoS attacks. Cybersecurity experts have recorded many attacks with a capacity of more than 1 Tbit / s and a duration of several days. Most often, they were aimed at the entertainment sector, retail, publishing houses, and fintech companies.
The discovered botnet has become the largest in the history of the Internet. The cybersecurity industry has never seen this before, said the experts.
Many attacks with a capacity of more than 1 Tbit / s were recorded in December 2021. They lasted for several days. In total, about 230 attacks were recorded, of which:
72 (32%) were in the entertainment sector;
55 (24%) – for retail;
28 (12%) – for the financial sector;
23 (10%) – for Internet providers and hosting;
16 (7%) – for banks;
9 (4%) – for education;
8 (3.5%) – for insurance;
7 (2%) – for medicine;
6 (2.5%) – for the media.
According to experts, the attacks were carried out using a new botnet consisting of tens of thousands of servers with different operating systems. They also used webcams, routers, smart TVs. Since the botnet includes different devices with different operating systems, experts conclude that they are infected in different ways.
All attacks were carried out with the same power, but at the same time had different geography, which, according to experts, suggests that not one botnet was used, but several, combined into a single control system.
The botnet’s resources were divided among several users who could launch DDoS attacks at the same time. Experts managed to find out that about 50% of malicious traffic comes from Japan, 30% from the United States, and 20% from other countries.
Cybercriminals are combining botnets to increase attack power. This allows them to break through the DDoS protection.