Hackers unleash botnet capable of ‘killing most companies’

Security researchers have uncovered what could be the biggest ever botnet, capable of “crippling digital assaults” that could take down entire companies.

Hackers performed what appeared to be a test run of the botnet’s capabilities last week, targeting the website of cybercrime investigator Brian Krebs.

The attack was measured at 6.3 terabits of data per second (Tbps) – roughly 10 times the size of the notorious Mirai botnet that caused massive disruption throughout the world in 2016.

“The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand,” Mr Krebs wrote in a blog post detailing the attack on his site.

A botnet is created by compromising the security of internet-connected devices and linking them together to carry out distributed-denial-of-service (DDoS) attacks, which overwhelms websites and online services with traffic to knock them offline.

Infected devices drawn into a botnet often take the form of smart devices like fridges or security cameras that typically use default passwords and have less security than smartphones and computers.

Google Security Engineer Damian Menscher, who works on the service that provides DDoS protection for the KrebsOnSecurity site, said it was the largest attack that Google has ever handled.

The attack lasted for less than a minute and is believed to be a trial run of a devastating new botnet called Aisuru.

“It was the type of attack normally designed to overwhelm network links,” said Menscher. “For most companies, this size of attack would kill them.”

Recent findings from cyber monitoring firm NetScout revealed that hackers launched over 27,000 botnet attacks in March, hitting service providers with an average of one attack every two minutes.

Many of these are from so-called DDoS-for-hire services, which rent out botnets to hackers via Telegram channels.

In August last year, security researchers saw the Aisuru botnet being offered at prices of around $150 per day, though it was a third of the strength it is today.

“The 6.3 Tbps attack last week caused no visible disruption to this site, in part because it was so brief,” Mr Krebs said.

“DDoS attacks of such magnitude and brevity typically are produced when botnet operators wish to test or demonstrate their firepower for the benefit of potential buyers.”