Insecure IoT devices fuel bigger and bigger attacks
As the number of vulnerable or poorly secured IoT devices connected to the internet keeps growing, so does the size of DDoS attacks. The more devices that can be enslaved as part of IoT botnets, the more packets per second and bandwidth can be generated. This can further be combined with reflection and amplification techniques that certain protocols allow.
In 2016, one of the internet’s first IoT botnets, called Mirai, was responsible for an attack against French cloud computing company OVH that peaked at 620 Gbps, making it the biggest DDoS attack recorded until then. That was a sign of things to come.
As companies started moving their infrastructure to the cloud and as the number of IoT botnets replicating Mirai increased, so did the size of DDoS attacks. In 2018, the GitHub repository was the target of a 1.3 Tbps DDoS attack, while in 2020 AWS mitigated an attack that peaked at 2.3 Tbps. In 2021, Microsoft Azure was targeted by a DDoS attack peaking at 3.47 Tbps.