
Zombie camera army breaking the internet

07 March 2025


30,000 hijacked security cameras stitched into wrecking ball

A swarm of zombified security cameras has unleashed the biggest cyber onslaught ever recorded, battering the internet with a tidal wave of digital garbage.

Dubbed Eleven11bot, this rogue botnet has stitched together around 30,000 hijacked security cameras and video recorders into a digital wrecking ball.

First flagged in February by Nokia’s Deepfield Emergency Response Team, the botnet has been throwing tantrums ever since, unleashing "hyper-volumetric attacks" that choke internet connections with sheer brute force.

Unlike your run-of-the-mill DDoS, which beats up a server’s processing power, this flavour of internet vandalism simply drowns its targets in so much junk data that everything grinds to a halt.

This beast isn’t messing about—it hit a gut-punching 6.5 terabits per second on February 27, smashing the previous record of 5.6 Tbps set in January.

Most of the enslaved gadgets are security cameras, mostly running on HiSilicon chips, with some potentially tied to Hikvision network video recorders.

Security bods at GreyNoise reckon Eleven11bot is a nasty new strain of Mirai—the infamous malware that’s been running riot since 2016 after some muppet leaked its source code online, triggering a never-ending parade of copycat attacks.

This latest variant is suspected of exploiting a fresh vulnerability in TVT-NVMS 9000 digital video recorders, making it a doddle to conscript new devices.

Meanwhile, no one can agree on how big this cyber-monster is. Nokia pegs it at 30,000 infected devices, while the Shadowserver Foundation reckons it’s more like 86,000. GreyNoise called both figures a load of tosh, claiming the actual number is under 5,000.

The disagreement largely concerns how these infected devices report themselves, with some experts suggesting that duplicate fingerprints may have bloated previous estimates.

Mirai-based botnets like Eleven11bot spread by exploiting unpatched vulnerabilities and brute-forcing admin credentials left unchanged by manufacturers too lazy to lock things down properly. Security wonks recommend shoving IoT gadgets behind a proper firewall, disabling remote access unless necessary, and using actual passwords instead of the default "admin/admin" nonsense.

Oh, and in silicon heaven’s name, install your security updates—assuming the manufacturer hasn’t already abandoned your device like an unwanted Christmas jumper.
