Largest DDoS Attack 1TBPS, Directed to OVH Hosting.

OVH Hosting has recently suffered from an outstanding 1TBPS DDoS attack. This is one of the largest attacks that the Internet has seen.

OVH Hosting happens to be one of the largest known hosting companies on the globe. However, they have landed in the news spotlight for the worst possible reason, as this company has been directly hit with an outstanding 1TBPS DDoS attack.

Just to get some air cleared here, 1TBPS is stating that OVH Hosting had been hit with a 1-Terabyte Per Second DDoS attack (Distributed Denial of Service), which is indeed outstanding, when talking about the performance of an attack rather than the attack itself.

Just last Thursday, the founder of OVH Hosting, as well as CTO, Octave Klaba, had Tweeted on their feed “Last days, we got lot of huge DDoS. Here the list of “bigger that 100Gbps” only. You can see the simultaneous DDoS are close to 1 Tbps!”

Klaba has also provided a screen shot of the several attacks in which have been commenced against the hosting company. Within this screen shot, several of these attacks have been able to exceed that of an outstanding 100GBPS. These attacks have been directed at the OVH servers. Even more surprising, speaking on behalf of the tactics of the attack, and not the attack itself, is the simultaneously reoccurring 1TBPS attack.

Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the
simultaneous DDoS are close to 1Tbps ! pic.twitter.com/XmlwAU9JZ6

— Octave Klaba / Oles (@olesovhcom) September 22, 2016

Getting a little bit into the technical aspect of how this attack had been carried out, brings us another surprise. As reported by Klaba, the perpetrators involved in this attack had utilized the IoT (Internet of Things) to be able to include several surveillance cameras, carrying out their DDoS attacks on the OVH Hosting company.

Brian Krebs posted an article on his website, discussing the DDoS attacks and said: “Why do I speak of DDoS attacks as a form of censorship? Quite simply because the economics if mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists.”

As we are all aware by now, thanks to big-shot hacktivist groups such as PoodleCorp and LizardSquad, DDoS attacks are not such a phenomenon anymore, as we are frequently hearing about several companies falling victim to them, from any number of hacktivist groups. However, earlier this week, we have learned that Brian Krebs, journalist and cybercrime investigator host of KrebsOnSecurity, had become a target of a large DDoS attack – hitting an outstanding 665GBPS. It is evident that this attack was commenced after his latest block, in which Krebs had exploited the DDoS attack services while utilizing vDOS operations.

While this was an extremely massive attack, the intensity of this attacked had been weaken by Akami. However, as reported by Krebs, these attackers were persistent with their attack against the OVH Hosting servers. It was at that point in which Krebs Security stepped onto the playing field, ultimately seizing the protection of DDoS security to his website (which had allowed the attackers to attempt of taking down his website). However, the hackers were unable to prevail in their attacks to take down the KrebsOnSecurity website.

Now, how was it really commenced by utilizing the IoT?

The IoT is in reference to a non-stop growing network consisting of physical devices in which provides a specific IP address, aiding access to the network system. This allows physical devices to communicate with other physical objects that are also connected to the Internet.

The attackers behind this massive attack were able to hack their way into the CCTV System (surveillance cameras), in order to develop a type of DDoS botnet to carry out their DDoS attack. They pointed their botnets to OVH Hosting servers, intending to take down their servers. However, although the servers may not have gone down 100% as expected, it did make the connections to and from, rather slow. The attackers gained full access to the CCTV System by utilizing the cameras default login credentials and then brute forced the password system. In the United States of America alone, there are thousands of these unprotected security cameras that can easily be taken over by hacktivists and utilized for a massive DDoS attack.

Below, we can see a map of the States, thanks to Odette.Carto, showing the most unsecured security cameras.

It was just a few short months ago, security researchers was able to reveal hacktivist group Lizard Squad, hacking into CCTV systems and performing their own DDoS attacks against different financial intuitions, as well as different government sectors in Brazil. The DDoS prevention bestowed by Sucuri, as well as Incapsula, revealed thousands of these CCTV systems were not only a target of a simple attack to gain access to those cameras, but to turn those into DDoS botnets. The concept behind using CCTV Security Cameras for DDoS allows for the attackers to turn the cameras into a small computer to host a botnet. When you have several thousands of cameras using the same botnet services and you start your attack, then essentially you will have thousands of “computers” commencing a DDoS attack against your selected target, thus making it appear that the target is being attacked by several computers from across the world, or a selected country.

Sources: OVH Hosting, Krebs on Security, Akami, Fortune, Hack Read, Odette.Carto.

This article (Largest DDoS Attack 1TBPS, Directed to OVH Hosting) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.