Lizard Squad's IoT botnet launches 400Gbps DDoS attack

(Image Credit: iStockPhoto/stevedangers)

Lizard Squad, a hacking group which gained notoriety for attacks on console gaming networks, has launched a massive DDoS attack using its LizardStresser botnet. 

The LizardStressor botnet is responsible for a Distributed Denial of Service (DDoS) attack on banks, telcos and government agencies in Brazil and three large US gaming companies. Botnets hijack often unsuspecting networks through unsecured devices to flood services with traffic from around the world in order to bring them down. 

The widespread nature of a DDoS makes it difficult to stop traffic, which makes them a nightmare for any company which relies on internet business. This latest attack using LizardStresser has targeted IoT devices that are still using default passwords – which has provided the hackers with enough 'bots' to launch a 400 gigabits per second attack without the need for amplification. 

LizardStressor is written in C and features a client designed to run on compromised Linux devices and connect to a hard-coded command and control (C&C) server.  Lizard Squad published its source code in early 2015 to enable other DDoS attackers with a powerful tool for building their own botnets and launching their own attacks. In this year so far, LizardStressor activity has increased and IoT devices have become a frequent target. 

It's thought IoT devices have become a key target because they're often Linux-based, and by their nature are connected to the internet. Many early adopters don't change the default password of their devices either – making them easily susceptible to hacks. 

Once compromised, many owners won't even realise because the devices often don't have built-in security features. This means the devices can remain infected and used whenever desired by a hacker to perform a DDoS without the user being aware. 

A LizardStressor C&C server tracked by network specialists Arbor Networks was linked to more than 1,000 source IP addresses – providing the hackers with 400Gbps of traffic. Targets appear to be mostly based in Brazil, but also gaming sites around the world. 

90% of the hosts that responded had an HTML title of “NETSurveillance WEB” which is generic code used by a variety of IoT devices and the default password for which is available online. A possible reason hackers targeted Brazil is they could be the biggest users of NETSurveillance devices. 

Most DDoS attacks have now become powerful enough to knock most businesses offline, which makes them a serious threat. Some businesses are even seeing them used to "distract" whilst data is stolen elsewhere. 

Are you surprised at the use of IoT devices for DDoS attacks? Share your thoughts in the comments.

https://www.iottechexpo.com/wp-content/uploads/2018/09/iot-tech-expo-world-series.pngInterested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

The show is co-located with the AI & Big Data Expo, Cyber Security & Cloud Expo and Blockchain Expo so you can explore the entire ecosystem in one place.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.