Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras

Recent DDoS attacks against web applications are showing new trends in their methods, with attackers switching to large L7 (HTTP) attacks instead of traditional volumetric L3/4 attacks like SYN floods and NTP/DNS reflection. These L7 attacks aim to knock web applications offline by consuming server resources through actual HTTP requests. Two recent examples of such attacks were analyzed, one peaking at 1.75 million HTTP requests per second (1 Mrps) and the other generating significant inbound bandwidth of up to 360 Gbps. The source of these attacks appears to be Internet-of-Things devices like connected cameras and Network Attached Storage systems. As more IoT devices are added to the internet, it is likely that they will become unwilling participants in future DDoS attacks.