
Eleven11bot botnet infects 86,000+ IoT devices, launching massive DDoS attacks

The Eleven11bot malware has compromised more than 86,000 Internet of Things devices, creating one of the largest botnets in recent times. This network is used to carry out disruptive DDoS attacks targeting telecommunication providers and online gaming servers.

 

What happened

A newly discovered botnet, Eleven11bot, has infected more than 86,000 Internet of Things (IoT) devices, primarily targeting security cameras and network video recorders (NVRs). The botnet is being used to launch distributed denial of service (DDoS) attacks against telecommunication service providers and online gaming servers.

Threat monitoring platform The Shadowserver Foundation reported that Eleven11bot has compromised 86,400 IoT devices worldwide, with infections heavily concentrated in the United States, the United Kingdom, Mexico, Canada, and Australia.

 

Going deeper 

Nokia researchers uncovered Eleven11bot and reported their findings to the threat intelligence platform GreyNoise. This rapidly growing botnet has drawn attention due to its scale and potential impact, with security experts warning that it is among the largest DDoS botnets observed in recent years. The malware propagates by brute-forcing weak or default admin credentials on exposed IoT devices and actively scanning for unsecured Telnet and SSH ports.

GreyNoise and Censys tracked 1,400 IPs associated with the botnet in the past month, with 96% of them confirmed to be real compromised devices rather than spoofed sources. A significant portion of the botnet's infrastructure appears to be based in Iran, and over three hundred identified IP addresses are classified as malicious.

 

What was said

Jérôme Meyer, a security researcher at Nokia, emphasized the unprecedented scale of the botnet. "Primarily composed of compromised webcams and Network Video Recorders (NVRs), this botnet has rapidly grown to exceed 30,000 devices," Meyer stated. He further noted, "Its size is exceptional among non-state actor botnets, making it one of the largest known DDoS botnet campaigns observed since the invasion of Ukraine in February 2022."

Meyer also warned that the botnet’s attacks have reached several hundred million packets per second and can last multiple days, making them particularly disruptive to targeted networks.

 

In the know 

A botnet is a network of compromised devices, often controlled remotely by a cybercriminal, that is used to perform malicious activities such as DDoS attacks, data theft, and spam distribution. These devices, referred to as "bots" or "zombies," are typically infected through malware that exploits vulnerabilities or weak security settings.

Once under the attacker's control, the botnet can launch large-scale cyberattacks, overwhelming websites, networks, or critical infrastructure. Botnets can be used for financial gain, cyber warfare, or disruption of services. Since IoT devices often lack robust security, they are prime targets for botnet infections. Protecting against botnets requires strong authentication, regular firmware updates, and network monitoring to detect and prevent unauthorized access.

 

Why it matters

The Eleven11bot botnet highlights the cybersecurity risks posed by insecure IoT devices, particularly in healthcare. The sector relies on IoT for patient monitoring, data storage, and facility security, which makes it especially vulnerable. Attacks could disrupt operations, delay care, and expose sensitive data. Strengthening IoT security through firmware updates, strong authentication, and network monitoring is crucial.


 

FAQs

How can I protect my IoT devices from botnet infections?

Ensure devices have strong, unique passwords, update firmware regularly, disable unnecessary remote access features, and monitor for suspicious activity.

 

What should organizations do to defend against botnets, including Eleven11bot?

Organizations should implement strong cybersecurity measures, including network monitoring, intrusion detection, blocking known malicious IPs, and enforcing strict access controls on IoT devices.
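
As an illustration of the monitoring step, the sketch below flags sources that show the credential-guessing pattern described earlier: many failed SSH logins against several account names in a short window. It is an added example, not code from Nokia, GreyNoise, or Shadowserver; the function name, the thresholds, the year default, and the sample log lines are assumptions constructed for the example, and it covers OpenSSH syslog lines only, not Telnet.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (documentation-range IPs, made-up host).
SAMPLE_LOG = """\
Mar  3 10:00:01 nvr01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:03 nvr01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:05 nvr01 sshd[813]: Failed password for invalid user support from 203.0.113.7 port 40120 ssh2
Mar  3 10:00:08 nvr01 sshd[814]: Failed password for invalid user user from 203.0.113.7 port 40131 ssh2
Mar  3 10:00:10 nvr01 sshd[815]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 10:02:00 nvr01 sshd[820]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:09 nvr01 sshd[820]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:05:00 nvr01 sshd[830]: Failed password for root from 192.0.2.50 port 60001 ssh2
Mar  3 10:09:00 nvr01 sshd[831]: Failed password for invalid user admin from 192.0.2.50 port 60002 ssh2
"""

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, year=2025, window=timedelta(seconds=60),
                      max_failures=5, min_users=3):
    """Return {ip: sorted usernames tried} for sources that reach both
    thresholds inside one sliding window. Syslog lines carry no year,
    so `year` is supplied by the caller (assumed value by default)."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) failures in window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:   # evict failures older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= max_failures and len(users) >= min_users:
            flagged.setdefault(m["ip"], set()).update(users)
    return {ip: sorted(names) for ip, names in flagged.items()}

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Requiring several distinct usernames as well as a failure count keeps a single user who mistypes a password from being flagged, and the window keeps slow, unrelated failures from accumulating.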


 

What long-term actions should be taken to prevent botnet threats?

  • Regularly replace outdated IoT devices
  • Ensure security best practices are followed
  • Stay informed about emerging cyber threats to mitigate future risks