Another Botnet Rivals Mirai
Posted by: Timothy Weaver on 01/03/2017 01:53 PM
Researchers from Imperva have uncovered a new botnet that can rival Mirai, using IoT devices to generate a 650Gbps DDoS attack.
Dubbed “Leet” after the signature the malware’s author left in the TCP header (“1337”, which is hacker code for "Elite"), the botnet targeted several anycasted IPs on the Imperva Incapsula network. The first attack peaked at 400Gbps. It was followed by a second attack that generated a 650Gbps DDoS flood of more than 150 million packets per second (Mpps).
“Attacks that combine the use of small and large payloads have become increasingly common since we first reported them in the spread their odds by trying to both clog network pipes and bring down network switches,” researchers said in an analysis. They added, “While some [of the large] payloads were populated by seemingly random strings of characters, others contained shredded lists of IP addresses. These shredded IP lists hinted … that the malware we faced was programmed to access local files and scramble their content to generate its payloads.”
Mirai uses random strings in its attacks while this new botnet uses system files. “So far, all of the huge DDoS attacks of 2016 were associated with the Mirai malware,” the researchers said. “However, the payload characteristics clearly show that neither Mirai nor one of its more recent variants was used for this assault.”
“With 650Gbps under its belt, the Leet botnet is the first to rival Mirai’s achievements. However, it will not be the last. This year we saw DDoS attacks escalate to record heights and these high-powered botnets are nothing more than a symptom of the times.”
This foreshadows things to come.
Source: Info Security
