July 25, 2019 (updated 29 Aug 2019 1:55pm)

Entertainment Streaming Service Hit By 13-Day Botnet Attack

"Nothing prevents the attacker from including other malicious software"

By CBR Staff Writer

The streaming application of an entertainment company was under siege for 13 days as a 400,000-device-strong IoT botnet hammered at its network and servers during an extensive distributed denial-of-service (DDoS) attack.

The attack occurred on April 24; when it was in full swing, the streaming server was hit with more than 290,000 requests per second, which makes it one of the largest Layer 7 DDoS attacks recorded.

Layer 7 attacks are those targeting the top layer in the OSI model, where common internet requests such as HTTP GET and HTTP POST occur, in contrast to network layer attacks such as DNS Amplification. This particular attack sought to crash the company’s servers by overworking them with GET/POST requests.

Vitaly Simonovich, a security researcher at Imperva, which detected the attack, wrote in a report: “The attackers used a legitimate User-Agent, the same as used by the entertainment industry customer service application, to mask their attack.”

“For a time, the attack targeted the authentication component of the streaming application. We are not sure if the intent of the attackers was to perform a brute force attack or DDoS attack, but without an accurate mitigation mechanism, the result was the same — denial of service.”
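An added example (not from Imperva's report or this article) of why the legitimate User-Agent and the size of the botnet matter for detection: over a constructed log, a User-Agent check and a per-IP rate limit both stay silent, while a per-endpoint check on request volume and distinct sources flags the attack window. The User-Agent string, login path, IP ranges and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

APP_UA = "ExampleStreamApp/1.0"  # constructed; stands in for the legitimate app User-Agent
LOGIN = "/auth/login"            # hypothetical path of the authentication component

def build_sample():
    """Constructed log records: (second, source_ip, path, user_agent)."""
    events = []
    for sec in range(10):            # seconds 0-9: normal login traffic
        for n in range(3):
            events.append((sec, f"198.51.100.{(sec * 3 + n) % 40}", LOGIN, APP_UA))
    for sec in range(10, 15):        # seconds 10-14: botnet, one request per IP per second
        for n in range(200):
            events.append((sec, f"203.0.113.{n}", LOGIN, APP_UA))
    return events

def per_ip_offenders(events, limit_per_sec):
    """Per-source rate limit: IPs that exceed the limit within any one second."""
    counts = defaultdict(int)
    for sec, ip, _path, _ua in events:
        counts[(sec, ip)] += 1
    return {ip for (_sec, ip), c in counts.items() if c > limit_per_sec}

def ua_mismatches(events, allowed_ua):
    """User-Agent filter: requests whose User-Agent is not the application's own."""
    return [e for e in events if e[3] != allowed_ua]

def surge_seconds(events, path, train_secs, factor):
    """Seconds after the training window where both the request count and the
    number of distinct sources for `path` exceed factor x the training median."""
    reqs, srcs = defaultdict(int), defaultdict(set)
    for sec, ip, p, _ua in events:
        if p == path:
            reqs[sec] += 1
            srcs[sec].add(ip)
    base_reqs = median(reqs[s] for s in range(train_secs))
    base_srcs = median(len(srcs[s]) for s in range(train_secs))
    return sorted(s for s in list(reqs) if s >= train_secs
                  and reqs[s] > factor * base_reqs
                  and len(srcs[s]) > factor * base_srcs)

if __name__ == "__main__":
    log = build_sample()
    print("per-IP offenders:", per_ip_offenders(log, 5))
    print("User-Agent mismatches:", len(ua_mismatches(log, APP_UA)))
    print("surge seconds on login:", surge_seconds(log, LOGIN, 10, 10))
```
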

When Imperva looked at the attack, they found that most of the IPs had the same open ports, 2000 and 7547. These ports are often associated with IoT devices that are infected by Mirai malware.

Upon analysing the IPs that were connected to the attack, Imperva noticed that the majority of the attack had apparently been orchestrated from a source in Brazil, although false flag efforts by hackers can make tracing the source of an attack challenging.


Mirai, which takes over insecure Internet of Things (IoT) devices, from routers to baby monitors, became infamous in 2016 after using a sprawling network of compromised devices to cripple domain registration service provider Dyn.

The high-profile DDoS attack, which made use of over 500,000 infected devices, took Dyn customers including the BBC, Netflix and Twitter offline for hours.

Imperva researchers note that Mirai is malware that can be altered easily, stating: “Mirai source code contains only DDoS functionality, but nothing prevents the attacker from including other malicious software to take advantage of compromised devices and perform additional attacks, such as brute force.”
