LizardStresser botnet attack on IoT devices
June 2016 by Arbor Networks
Arbor Networks has today released new research on the reappearance of the LizardStresser botnet – affecting IoT devices - which has been used to target a number of telcos, financial and government institutions in Brazil as well as three large gaming companies in the USA. The botnet was initially created as a Distributed Denial of Service botnet by the Lizard Squad Group, who subsequently opened up the source code in 2015 and made it public.
There has been a spike in LizardStresser attacks in 2016, as threat actors have discovered that the extremely simple to run botnet is well placed for attacks on IoT-enabled devices, with observed DDoS attacks of over 400Gbps possible, without the use of amplifications.
Given the exponential uptake in IoT-enabled devices, and the ease with which an unsophisticated botnet can cause significant damage to major institutions, it is timely to consider the very real possibility of compromised devices affecting individuals and organisations going forward.