Another Massive Cyberattack Scheme Revealed: Leet Botnet


The largest cyberattacks of 2016 were all the product of what is called a distributed denial-of-service (DDoS) attack. These attacks are intended primarily to disrupt normal internet traffic by flooding servers and the network devices in front of them with bogus traffic until legitimate requests can no longer get through.

In mid-October, the Domain Name System (DNS) provider Dyn was pounded with an estimated 1.2 terabits per second of malicious traffic. Because Dyn resolves domain names for many large customers, the DDoS attack affected some of the biggest internet names out there, including Facebook, Netflix and Yahoo.

Most of this year's record-setting DDoS attacks were traced to some variant of the Mirai botnet, malware that hijacks poorly secured Internet of Things (IoT) devices and uses them to generate the bogus network packets.

Researchers at internet security solutions provider Imperva last week identified a new DDoS botnet, dubbed the Leet botnet, so named for a signature the author left in the attack packets: "1337," hacker speak for "leet," meaning "elite."

The Imperva researchers identified two attack bursts that took place on December 21. The first generated about 400 gigabits per second (Gbps) of traffic but failed to dent Imperva's network. A second burst the same day generated about 650 Gbps, or about 150 million network packets per second.

What made the Leet botnet different from the Mirai version? According to Imperva’s researchers:

Both [Leet] attack bursts originated from spoofed IPs, making it impossible to trace the botnet’s actual geo-location or learn anything about the nature of the attacking devices.

IoT devices? Possibly, but with every source address spoofed, the traffic itself gives no way to tell.

The attack also mixed regularly sized TCP SYN (connection-request) packets of 44 to 60 bytes with abnormally large SYN packets of 799 to 936 bytes. The two sizes serve different purposes: the small SYNs drive up the packet rate, which exhausts the per-packet processing capacity of switches and other network gear, while the large SYNs carry payload that a genuine connection request never does, and exist only to fill the network pipes. According to Imperva, the attack tried both to clog network pipes and to bring down network switches.
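The two traits described above, SYN packets far larger than a header-only connection request and a spoofed, never-repeating set of source addresses, are both visible in ordinary flow records. The following triage script is an added example written for this page; it is not code from Imperva or from the article. It assumes a simple whitespace-separated flow summary (timestamp, source IP, TCP flags, IP length), which is a hypothetical format, and the records below are constructed to mirror the two size bands reported, not captured traffic. The thresholds are illustrative: in production they would be set from the link's normal SYN rate.

```python
"""Per-second SYN-flood triage over constructed flow-summary records.

Added example for this page, not Imperva's or the article's code. The
record format (ts src_ip tcp_flags ip_len) is assumed; the sample records
are constructed, not captured traffic.
"""
from collections import defaultdict

# IPv4 header (20 bytes) plus a TCP header with the usual options (MSS,
# SACK, timestamps, window scale) tops out around 60 bytes. A SYN noticeably
# larger than that is carrying payload, which legitimate clients do not send.
MAX_PLAIN_SYN_BYTES = 60

SAMPLE_LOG = """\
# ts src_ip tcp_flags ip_len   (constructed records, not captured traffic)
1482300000.10 203.0.113.5 S 60
1482300000.12 203.0.113.5 A 52
1482300000.30 203.0.113.9 S 52
1482300000.35 203.0.113.9 A 52
1482300000.80 203.0.113.5 PA 1500
1482300001.000 192.0.2.1 S 44
1482300001.001 192.0.2.2 S 60
1482300001.002 192.0.2.3 S 52
1482300001.003 192.0.2.4 S 799
1482300001.004 192.0.2.5 S 936
1482300001.005 192.0.2.6 S 48
1482300001.006 192.0.2.7 S 880
1482300001.007 192.0.2.8 S 44
"""


def parse_records(text):
    """Yield (timestamp, src_ip, flags, ip_len) from the assumed summary format."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, flags, length = line.split()
        yield float(ts), src, flags, int(length)


def is_syn_only(flags):
    """True for a pure connection attempt: SYN set, ACK clear (so not SYN/ACK)."""
    return "S" in flags and "A" not in flags


def syn_stats(records, window=1.0):
    """Bucket SYN-only packets into time windows and summarise each bucket.

    Bucket key is int(ts // window); with window=1.0 that is the epoch second.
    """
    buckets = defaultdict(lambda: {"syns": 0, "oversized": 0, "bytes": 0, "sources": set()})
    for ts, src, flags, length in records:
        if not is_syn_only(flags):
            continue
        b = buckets[int(ts // window)]
        b["syns"] += 1
        b["bytes"] += length
        b["sources"].add(src)
        if length > MAX_PLAIN_SYN_BYTES:
            b["oversized"] += 1
    out = {}
    for key, b in buckets.items():
        out[key] = {
            "syns": b["syns"],
            "oversized_syns": b["oversized"],
            "oversized_fraction": b["oversized"] / b["syns"],
            # Close to 1.0 means nearly every SYN came from a different address,
            # the pattern of spoofed sources (or an unusually large botnet).
            "new_source_ratio": len(b["sources"]) / b["syns"],
            "syn_bytes": b["bytes"],
        }
    return out


def classify(stats, min_syns=5, spoof_ratio=0.9):
    """Return {bucket: reason} for windows that look like this kind of SYN flood.

    min_syns is a toy threshold for the constructed sample; a real deployment
    would derive it from the link's baseline SYN rate.
    """
    flagged = {}
    for key, s in stats.items():
        if s["syns"] < min_syns:
            continue
        reasons = []
        if s["oversized_syns"]:
            reasons.append("SYN segments carrying payload")
        if s["new_source_ratio"] >= spoof_ratio:
            reasons.append("almost every SYN from a distinct source (likely spoofed)")
        if reasons:
            flagged[key] = "; ".join(reasons)
    return flagged


if __name__ == "__main__":
    stats = syn_stats(parse_records(SAMPLE_LOG))
    for key, reason in sorted(classify(stats).items()):
        s = stats[key]
        print(f"window {key}: {s['syns']} SYNs, {s['oversized_syns']} oversized, "
              f"{s['syn_bytes']} bytes -> {reason}")
```

The benign first second (two SYNs, each followed by its own ACK, all header-sized) passes; the second second is flagged on both counts. Note what the script deliberately does not look for: the "1337" marker in the packets. A string the attacker chose is a weak indicator, since the next build can drop or change it, whereas payload-bearing SYNs and non-repeating sources are properties of the technique itself.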

The researchers said:

So far, all of the huge DDoS attacks of 2016 were associated with the Mirai malware. However, the payload characteristics clearly show that neither Mirai nor one of its more recent variants was used for this assault. …

With 650 Gbps under its belt, the Leet botnet is the first to rival Mirai's achievements. However, it will not be the last. This year we saw DDoS attacks escalate to record heights and these high-powered botnets are nothing more than a symptom of the times.

Their conclusion: “It’s about to get a lot worse.”

For the full report, visit the Imperva website.