
Internet of Things Botnets Unleash Record-Breaking DDoS Attacks

In a concerning development for cybersecurity experts and internet users alike, the internet is once again facing a surge of massive Distributed Denial of Service (DDoS) attacks powered by Internet of Things (IoT) botnets.

Significant Distributed Denial of Service (DDoS) attacks are on the rise, affecting both cybersecurity experts and everyday internet users. Powered by Internet of Things (IoT) botnets, these attacks are growing in scale and raising important questions about the security of our connected world. On January 22, 2025, Cloudflare, a prominent web infrastructure and security firm, shared that it had successfully blocked the largest DDoS attack on record. The attack peaked at 5.6 terabits per second (Tbps) and targeted an unnamed Internet Service Provider (ISP) in Eastern Asia, surpassing the previous record of 3.8 Tbps, which Cloudflare had also handled just months earlier. The assault was driven by a variant of the notorious Mirai botnet, which used over 13,000 compromised IoT devices. Since its emergence in 2016, Mirai has remained a significant player in cybersecurity, consistently evolving and giving rise to new variants that continue to pose challenges.

The Rise of IoT Botnets (This sounds more like a blockbuster movie title)

The Internet of Things has become a double-edged sword. While it offers unprecedented connectivity and convenience, it also provides cybercriminals with many poorly secured devices to exploit. IoT devices, ranging from smart home appliances to industrial sensors, often lack robust security measures, making them prime targets for botnet recruitment. Omer Yoachimik and Jorge Pacheco of Cloudflare explained, “The attack lasted only 80 seconds and originated from over 13,000 IoT devices.” This brief but intense assault highlights a growing trend in DDoS attacks – short duration but extremely high volume, designed to overwhelm targets quickly before defenses can respond.

We are truly a connected world!

The threat is not isolated to a single region. Cybersecurity firms Qualys and Trend Micro have reported Mirai offshoots targeting IoT devices worldwide. These botnets exploit known vulnerabilities and weak credentials to compromise devices and use them as conduits for DDoS attacks. Cloudflare’s data reveals a 53% increase in DDoS threats in 2024 compared to the previous year, with approximately 21.3 million DDoS attacks blocked over 12 months. More alarmingly, there was a 1,885% surge in attacks exceeding 1 Tbps between the third and fourth quarters of 2024.

The Mirai Legacy Grows

The Mirai botnet, infamous for its 2016 attacks that briefly crippled parts of the internet, continues to evolve. Since its source code was made public, numerous variants have emerged, each with its own specializations and targets. Recent research by Qualys uncovered a new Mirai variant, “Murdoc,” specifically targeting AVTECH Cameras and Huawei HG532 routers. This botnet, comprising around 1,300 IoT devices, demonstrates the ongoing innovation in malware development.

Industry Response and Mitigation Strategies

As the threat landscape evolves, so too must defense strategies. Cloudflare’s success in mitigating the record-breaking attack without human intervention showcases the importance of automated defense systems. Experts recommend a multi-layered approach to DDoS mitigation, including:

  1. Regular firmware updates for IoT devices
  2. Changing default passwords and strengthening device security
  3. Implementing network segmentation to isolate IoT devices
  4. Utilizing DDoS mitigation services and Content Delivery Networks (CDNs)
  5. Employing real-time monitoring and traffic analysis tools
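
As an added example (not from the article or from Cloudflare), the traffic analysis in item 5 can be sketched against the short, high-volume, many-source pattern described earlier: the code aggregates flow records per destination and per second, then reports episodes where both the bit rate and the number of distinct sources exceed a threshold. The flow tuple layout, the thresholds, and every sample record are constructed assumptions.

```python
from collections import defaultdict

def make_sample_flows():
    """Constructed records: (epoch_second, src_ip, dst_ip, bytes)."""
    flows = []
    for t in range(60):                      # baseline: 5 clients, 8 Mbps total
        for i in range(5):
            flows.append((t, f"198.51.100.{i + 1}", "203.0.113.10", 200_000))
    for t in range(10, 20):                  # one large transfer, single source
        flows.append((t, "198.51.100.50", "203.0.113.20", 200_000_000))
    for t in range(30, 38):                  # 8-second burst from 300 sources
        for i in range(300):
            flows.append((t, f"10.{i // 250}.{i % 250}.7", "203.0.113.10", 500_000))
    return flows

def detect_bursts(flows, bps_threshold, min_sources):
    """Merge consecutive seconds that exceed BOTH thresholds into episodes."""
    per_sec = defaultdict(lambda: [0, set()])   # (dst, second) -> [bits, sources]
    for t, src, dst, nbytes in flows:
        cell = per_sec[(dst, t)]
        cell[0] += nbytes * 8
        cell[1].add(src)
    episodes = []
    for dst, t in sorted(per_sec):
        bits, sources = per_sec[(dst, t)]
        # Volume alone would also flag the single-source transfer; requiring
        # many distinct sources isolates the distributed pattern.
        if bits < bps_threshold or len(sources) < min_sources:
            continue
        last = episodes[-1] if episodes else None
        if last and last["dst"] == dst and last["end"] == t - 1:
            last["end"] = t
            last["peak_bps"] = max(last["peak_bps"], bits)
            last["sources"] |= sources
        else:
            episodes.append({"dst": dst, "start": t, "end": t,
                             "peak_bps": bits, "sources": set(sources)})
    return episodes

if __name__ == "__main__":
    for ep in detect_bursts(make_sample_flows(), 1_000_000_000, 100):
        print(ep["dst"], "seconds", ep["start"], "to", ep["end"],
              "peak bps", ep["peak_bps"], "sources", len(ep["sources"]))
```

Because an episode can be over in seconds, the output of a detector like this has to feed an automated mitigation step rather than a human review queue.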

The cybersecurity community is navigating an exciting but challenging landscape as we fully embrace the Internet of Things. Connected devices bring a great deal of convenience, but it is essential to pair that convenience with strong security measures that keep the devices safe from those looking to exploit vulnerabilities. Cybersecurity journalist Patrick Howell O’Neill wisely points out, “The rise of insecure IoT devices has created a perfect storm for botnet operators. Until manufacturers prioritize security alongside functionality, we expect these massive attacks to grow in scale and frequency.” Moving forward, it’s vital for device manufacturers, cybersecurity firms, and users like us to work together to create a more secure Internet ecosystem. The recent surge in record-breaking DDoS attacks is a clear reminder of the ongoing battle between cybercriminals and defenders in our interconnected world.


AGL Staff Writer

AGL’s dedicated Staff Writers are experts in the digital ecosystem, focusing on developments across broadband, infrastructure, federal programs, technology, AI, and machine learning. They provide in-depth analysis and timely coverage on topics impacting connectivity and innovation, especially in underserved areas. With a commitment to factual reporting and clarity, AGL Staff Writers offer readers valuable insights on industry trends, policy changes, and technological advancements that shape the future of telecommunications and digital equity. Their work is essential for professionals seeking to understand the evolving landscape of broadband and technology in the U.S. and beyond.
