
A newly identified botnet, Eleven11bot, has emerged as a significant cyber threat, compromising over 80,000 internet-connected devices globally. Nokia Deepfield’s Emergency Response Team (ERT) has reported that this botnet primarily targets security cameras and network video recorders (NVRs), utilising them to launch distributed denial of service (DDoS) attacks. These attacks have notably impacted telecom providers and gaming platforms, causing disruptions that have lasted for several days.
Security researchers have highlighted the scale of Eleven11bot, describing it as one of the largest DDoS botnet campaigns since early 2022. The botnet’s activity has been traced largely to Iran, with industry analysis indicating that a significant portion of the botnet’s IPs are based in the region. This surge in activity coincides with recent economic sanctions imposed on Iran by the U.S. administration.
Reports reveal that the majority of the observed IPs are non-spoofable, indicating they originate from genuine, accessible devices. The botnet’s expansion strategy includes brute-force attacks on login systems, exploiting weak and default passwords on IoT devices, and specifically targeting certain security camera brands using hardcoded credentials. Additionally, the botnet conducts network scans for exposed Telnet and SSH ports, which are often left unprotected on IoT hardware.
For organisations looking to defend against Eleven11bot, several proactive measures are recommended. These include blocking traffic from known malicious IPs, monitoring network logs for unusual login attempts, and securing IoT devices by changing default passwords, updating firmware, and disabling unnecessary remote access. Implementing DDoS protection and rate-limiting is also advised to bolster network defences against high-intensity attacks.
Security Operations Centres (SOCs), vulnerability management professionals, and threat hunters can track the botnet’s live activity by analysing IP data and taking immediate blocking actions based on identified threats.
As Eleven11bot continues to pose a threat, organisations are urged to remain vigilant and adopt DDoS defence measures to protect their networks from this and similar cyber threats.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com