cambarysu.com

Eleven11bot: A Massive Iran-Linked Botnet Exploiting IoT Devices for DDoS Attacks

A newly identified botnet named Eleven11bot, compromising over 30,000 security cameras, is being utilized to execute DDoS attacks primarily targeting telecom providers and gaming platforms. With over 60% of associated IPs traced back to Iran, experts emphasize the scale and impact of this botnet, calling for enhanced security measures for IoT devices.

A newly uncovered botnet, comprised of over 30,000 compromised security cameras and network video recorders, is actively conducting distributed denial-of-service (DDoS) attacks against telecommunication providers and gaming platforms. This botnet, referred to as Eleven11bot, has been under scrutiny by security researchers from Nokia Deepfield and GreyNoise, primarily for conducting brute-force attacks on login systems, targeting weak or default passwords associated with Internet of Things (IoT) devices.

GreyNoise identified that more than 60% of the 1,042 distinct IP addresses linked to Eleven11bot trace back to Iran. Although formal attributions were not made by the research firm, the attacks have been noted to align with the period following new sanctions imposed by the Trump administration on Iran, in line with its “maximum pressure” campaign.

Experts emphasize that Eleven11bot is operating with considerable strength and persistence. Jerome Meyer, a security researcher at Nokia Deepfield, described its scale as “exceptional among non-state actor botnets,” characterizing it as one of the largest DDoS botnet operations since the onset of the Russian invasion of Ukraine in February 2022. Attack intensity varies widely, ranging from a few hundred thousand to several hundred million packets per second.

Researchers from Censys documented approximately 1,400 IP addresses potentially associated with Eleven11bot. GreyNoise observed 1,042 IPs breaching its sensors within the preceding month, with a concerning 96% of them classified as non-spoofable, indicating that the traffic comes from authentic, accessible devices. Moreover, Eleven11bot specifically targets certain camera brands, like VStarcam, known for having hardcoded credentials that heighten their vulnerability.

GreyNoise proposes several security measures to alleviate the dangers posed by Eleven11bot. These include: securing IoT devices by altering default passwords, disabling remote access, and routinely updating firmware; monitoring network activity for abnormal login attempts, particularly for Telnet and SSH; and blocking traffic from recognized malicious IP addresses to avert infiltration. As IoT devices remain a prominent target for cybercriminals, it is imperative for organizations and individuals to adopt proactive strategies in safeguarding their networked devices and eliminating risks from botnets like Eleven11bot.
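One way to implement the login monitoring and IP blocking recommended above, as an added example that is not from GreyNoise or the original article. The log layout, the window and threshold values, the blocklist entry and every address in the sample are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)    # assumed tuning values, adjust per environment
THRESHOLD = 5                    # failures per source inside WINDOW
BLOCKLIST = {"198.51.100.23"}    # constructed stand-in for a threat-intel feed

# Assumed line layout: ISO timestamp, host, then an OpenSSH-style or
# BusyBox-login-style (Telnet) authentication failure message.
FAILURES = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port"),
    re.compile(r"login\[\d+\]: invalid password for '[^']*' on '[^']*' from '(?P<ip>[^']+)'"),
]
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for \S+ from (?P<ip>\S+) port")

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = """\
2025-03-05T10:00:01 cam01 sshd[311]: Failed password for root from 203.0.113.7 port 40112 ssh2
2025-03-05T10:00:03 cam01 sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
2025-03-05T10:00:05 cam01 sshd[312]: Failed password for root from 203.0.113.7 port 40120 ssh2
2025-03-05T10:00:06 cam01 login[90]: invalid password for 'root' on 'pts/0' from '198.51.100.23'
2025-03-05T10:00:08 cam01 sshd[313]: Failed password for invalid user guest from 203.0.113.7 port 40131 ssh2
2025-03-05T10:00:09 cam01 sshd[314]: Failed password for root from 203.0.113.7 port 40140 ssh2
2025-03-05T10:00:12 cam01 sshd[315]: Accepted password for root from 203.0.113.7 port 40151 ssh2
2025-03-05T10:02:00 nvr02 sshd[77]: Failed password for ops from 192.0.2.10 port 51000 ssh2
2025-03-05T10:12:00 nvr02 sshd[78]: Failed password for ops from 192.0.2.10 port 51022 ssh2
2025-03-05T10:12:30 nvr02 sshd[79]: Accepted password for ops from 192.0.2.10 port 51040 ssh2
"""

def detect(log_text):
    """Return {source_ip: sorted reasons} for sources worth investigating or blocking."""
    recent = defaultdict(deque)      # ip -> failure timestamps still inside WINDOW
    findings = defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        ts = datetime.fromisoformat(line.split()[0])
        hit = next((m for m in (p.search(line) for p in FAILURES) if m), None)
        if hit:
            ip, q = hit["ip"], recent[hit["ip"]]
            q.append(ts)
            while ts - q[0] > WINDOW:    # drop failures older than the window
                q.popleft()
            if len(q) >= THRESHOLD:
                findings[ip].add("brute-force burst")
            if ip in BLOCKLIST:
                findings[ip].add("blocklisted source")
        elif (ok := ACCEPTED.search(line)) and "brute-force burst" in findings.get(ok["ip"], ()):
            # A success right after a burst suggests a guessed or default password.
            findings[ok["ip"]].add("login succeeded after burst")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}
```

The source at 192.0.2.10 is deliberately not flagged: its two failures are ten minutes apart, so the sliding window never reaches the threshold.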

The emergence of the Eleven11bot represents a significant security challenge, particularly given its substantial scale and the targeted nature of its attacks. With a majority of its originating IPs traced to Iran and its operations affecting telecom and gaming sectors, it underscores the vital need for heightened cybersecurity measures. Implementing stringent safeguards for IoT devices and monitoring network activities are crucial steps necessary to counteract such threats effectively.

Original Source: irannewsupdate.com

Omar Fitzgerald

Omar Fitzgerald boasts a rich background in investigative journalism, with a keen focus on social reforms and ethical practices. After earning accolades during his college years, he joined a major news network, where he honed his skills in data journalism and critical analysis. Omar has contributed to high-profile stories that have led to policy changes, showcasing his commitment to justice and truth in reporting. His captivating writing style and meticulous attention to detail have positioned him as a trusted figure in contemporary journalism.
