

Ethical Hacking News

A Global Threat Emerges: The Widespread DDoS Attack Campaigns of Eleven11bot


The Eleven11bot botnet has infected over 86,000 IoT devices worldwide, leaving a trail of chaos in its wake. With DDoS attacks reaching several hundred million packets per second in volume, defenders are advised to ensure their systems run on the latest firmware version and take steps to protect against brute-force attacks.

  • The Eleven11bot botnet has infected over 86,000 IoT devices worldwide.
  • The botnet is linked to Iran and has conducted DDoS attacks on telecommunication service providers and online gaming servers.
  • Eleven11bot spreads rapidly across networks, compromising security cameras and NVRs.
  • The botnet's volume of attacks reaches several hundred million packets per second.
  • GreyNoise has logged over 1,400 IPs tied to Eleven11bot's operation in the past month.
  • The majority of these IP addresses are based in Iran.
  • The spread of Eleven11bot is attributed to brute-forcing weak admin credentials, leveraging default credentials, and actively scanning networks for exposed ports.
  • Defenders can add IP addresses linked to Eleven11bot to their blocklists and monitor for suspicious login attempts.
  • Regular security measures are crucial, including keeping firmware up-to-date, disabling remote access, and changing admin account credentials.



    The world of cybersecurity has been abuzz with the recent discovery of a new and highly malicious botnet named Eleven11bot. This botnet, which has already made headlines for its sheer scale and destructive capabilities, has managed to infect over 86,000 IoT devices worldwide, leaving a trail of chaos in its wake. The botnet, loosely linked to Iran, has been responsible for conducting a series of distributed denial-of-service (DDoS) attacks targeting various telecommunication service providers and online gaming servers.

    At the heart of this malicious campaign is Eleven11bot itself, a piece of malware designed to spread rapidly across networks, compromising security cameras and network video recorders (NVRs). According to Nokia researchers who first discovered the threat, the botnet's primary composition includes compromised webcams and NVRs. This information highlights the widespread nature of the attack, as well as the vulnerabilities present in IoT devices.

    Jérôme Meyer, a security researcher at Nokia, shared his findings with GreyNoise, a threat monitoring platform that played a crucial role in uncovering Eleven11bot's existence. According to Meyer, Eleven11bot is one of the largest DDoS botnet campaigns observed since the invasion of Ukraine in February 2022. The sheer size and scale of this operation serve as a stark reminder of the evolving nature of cyber threats.

    In terms of its capabilities, Eleven11bot's attacks have reached several hundred million packets per second in volume, with durations that often span multiple days. This information underscores the potential for DDoS campaigns to cause significant disruptions to critical infrastructure and services.

    GreyNoise, in collaboration with Censys, has logged over 1,400 IPs tied to Eleven11bot's operation in the past month, with a remarkable 96% of these IP addresses being legitimate devices rather than spoofed ones. The majority of these IP addresses are based in Iran, while nearly three hundred have been classified as malicious by GreyNoise.

    The spread of Eleven11bot is attributed to various methods, including brute-forcing weak or common admin user credentials, leveraging known default credentials for specific IoT models, and actively scanning networks for exposed Telnet and SSH ports. This information serves as a stark warning about the importance of maintaining strong security measures, particularly in the realm of IoT devices.

    In light of this emerging threat, GreyNoise has published a list of IP addresses linked to Eleven11bot and confirmed to carry out malicious actions. These are crucial pieces of intelligence that defenders can add to their blocklists and monitor for suspicious login attempts. In essence, these steps serve as a vital defense mechanism against the spread of Eleven11bot.
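
One way to act on this advice, as an added example that is not from the original article or from GreyNoise: the script below checks SSH login events against a blocklist and a failed-login threshold, and marks any flagged source that later logged in successfully. The log lines, the blocklist entries (RFC 5737 documentation addresses), the `triage` function and the threshold are all constructed for illustration, and the parser assumes OpenSSH syslog-format lines.

```python
import ipaddress
import re
from collections import Counter

# Constructed blocklist (RFC 5737 documentation ranges) standing in for a
# published feed of botnet IPs. These are not real indicators.
BLOCKLIST = ["203.0.113.0/28", "198.51.100.77"]

# Constructed sshd lines in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Mar  4 10:00:01 nvr1 sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 4011 ssh2
Mar  4 10:00:08 nvr1 sshd[311]: Accepted password for root from 203.0.113.5 port 4014 ssh2
Mar  4 10:02:11 nvr1 sshd[320]: Failed password for root from 198.51.100.77 port 5100 ssh2
Mar  4 10:05:30 nvr1 sshd[331]: Failed password for ops from 192.0.2.10 port 6200 ssh2
Mar  4 10:05:41 nvr1 sshd[331]: Accepted password for ops from 192.0.2.10 port 6201 ssh2
Mar  4 10:09:00 nvr1 sshd[340]: Failed password for root from 192.0.2.44 port 7001 ssh2
Mar  4 10:09:02 nvr1 sshd[340]: Failed password for root from 192.0.2.44 port 7002 ssh2
Mar  4 10:09:04 nvr1 sshd[340]: Failed password for root from 192.0.2.44 port 7003 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?\S+ from (\S+) port \d+")

def triage(log_text, blocklist, threshold=3):
    """Return {ip: [tags]} for sources that are blocklisted or brute-forcing."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    failed, accepted = Counter(), set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m and m.group(1) == "Failed":
            failed[m.group(2)] += 1
        elif m:
            accepted.add(m.group(2))
    findings = {}
    for ip in sorted(set(failed) | accepted):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # source field is not an IP address, skip it
        tags = []
        if any(addr in net for net in nets):
            tags.append("blocklisted")
        if failed[ip] >= threshold:
            tags.append("brute-force")
        if tags and ip in accepted:
            tags.append("login-succeeded")  # flagged source got in: investigate
        if tags:
            findings[ip] = tags
    return findings
```

A single mistyped password followed by a successful login (192.0.2.10 in the sample) is not flagged, while a blocklisted source that authenticates is tagged `login-succeeded` even after one failure.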

    As such, it is advisable to ensure that all IoT devices run the latest firmware version, have their remote access features disabled if not needed, and that default admin account credentials have been changed to something strong and unique. This advice underscores the critical need for ongoing security measures in the face of evolving threats like Eleven11bot.

    Furthermore, the lack of long-term support from IoT vendors is a concern, as devices often become vulnerable to exploitation once their support periods end. Therefore, it is crucial to periodically check that your devices have not reached end-of-life (EOL) and replace those that have with newer models if necessary.

    In conclusion, the emergence of Eleven11bot represents a significant threat to global cybersecurity. As such, understanding its spread, tactics, and capabilities is essential for defenders in order to mitigate the damage caused by this botnet. The advice outlined above serves as a crucial starting point for individuals and organizations looking to protect themselves against Eleven11bot's malicious campaigns.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Global-Threat-Emerges-The-Widespread-DDoS-Attack-Campaigns-of-Eleven11bot-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/new-eleven11bot-botnet-infects-86-000-devices-for-ddos-attacks/


  • Published: Tue Mar 4 15:41:46 2025 by llama3.2 3B Q4_K_M












