Another Massive Cyberattack Scheme Revealed: Leet Botnet

By Paul Ausick

The largest cyberattacks of 2016 were all distributed denial of service (DDoS) attacks. These attacks are intended primarily to disrupt normal internet traffic by flooding servers and other devices with bogus network traffic.

In mid-October, domain-name server (DNS) site Dyn was pounded with an estimated 1.2 terabits per second of malicious traffic. The DDoS attack affected some of the biggest internet names out there, including Facebook, Netflix and Yahoo.

Most of this year’s DDoS attacks were some variation of malware known as the Mirai botnet, which hijacks Internet of Things (IoT) devices and uses them to generate the bogus network packets.

Researchers at internet security solutions provider Imperva last week identified a new DDoS attack called the Leet botnet, so named for a signature left by the author: “1337,” or hacker speak for “leet,” meaning “elite.”


The Imperva researchers identified two attacks that took place on December 21. The first generated about 400 gigabits per second (Gbps) of traffic, but failed to dent the company’s servers. A second attack the same day generated about 650 Gbps, or about 150 million network packets per second.

What made the Leet botnet different from the Mirai version? According to Imperva’s researchers:

Both [Leet] attack bursts originated from spoofed IPs, making it impossible to trace the botnet’s actual geo-location or learn anything about the nature of the attacking devices.

IoT devices? Maybe, but very likely not.

The attack also used regularly sized synchronizing packets (called SYN packets) of 44 to 60 bytes and abnormally large SYN packets of 799 to 936 bytes. According to Imperva, the attack tried both to clog network pipes and bring down network switches.
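
The two SYN size bands described above can be checked for in captured traffic. This added example, which is not code from the article or from Imperva, labels raw IPv4 packets by those bands. Reading the reported sizes as the IPv4 total-length field is an assumption, and `build_syn` is a hypothetical helper that constructs sample packets using documentation-range addresses.

```python
import struct
from collections import Counter

# Size bands reported in the article, assumed here to be IPv4 total length.
REGULAR = range(44, 61)    # 44 to 60 bytes
LARGE = range(799, 937)    # 799 to 936 bytes

def classify_syn(packet: bytes) -> str:
    """Label a raw IPv4 packet: 'not-syn', 'regular', 'large' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-syn"                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return "not-syn"                      # bad header, not TCP, or truncated
    flags = packet[ihl + 13]
    if (flags & 0x12) != 0x02:                # require SYN set and ACK clear
        return "not-syn"
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len in REGULAR:
        return "regular"
    return "large" if total_len in LARGE else "other"

def summarize(packets):
    """Count labels and return the share of SYNs that fall in the large band."""
    counts = Counter(classify_syn(p) for p in packets)
    syns = counts["regular"] + counts["large"] + counts["other"]
    return counts, (counts["large"] / syns if syns else 0.0)

def build_syn(total_len: int, flags: int = 0x02) -> bytes:
    """Constructed sample packet (hypothetical helper): zero checksums, padded."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + b"\x00" * (total_len - 40)

# Constructed sample: five SYNs of varying size, one SYN-ACK, one ACK.
SAMPLE = [build_syn(n) for n in (44, 60, 300, 799, 936)]
SAMPLE += [build_syn(52, flags=0x12), build_syn(52, flags=0x10)]

if __name__ == "__main__":
    counts, share = summarize(SAMPLE)
    print(dict(counts), f"large-SYN share: {share:.0%}")
```

A sustained rise in the large-band share on a monitored link is the kind of signal an operator could alert on, since ordinary SYN packets carry no bulk payload.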

The researchers said:

So far, all of the huge DDoS attacks of 2016 were associated with the Mirai malware. However, the payload characteristics clearly show that neither Mirai nor one of its more recent variants was used for this assault. …

With 650 Gbps under its belt, the Leet botnet is the first to rival Mirai’s achievements. However, it will not be the last. This year we saw DDoS attacks escalate to record heights and these high-powered botnets are nothing more than a symptom of the times.

Their conclusion: “It’s about to get a lot worse.”

For the full report, visit the Imperva website.
