CloudFlare warns of another massive botnet, er, flaring up
DDoS attacks on the horizon as White House cybersecurity report issues recommendations
CloudFlare has warned of another massive botnet that appears to be ramping up and targeting the US West Coast.
In a blog post, the content delivery network said it has been watching a flood of attack traffic that started two weeks ago and appears to have come from one person testing out the botnet's abilities before moving it to 24-hour management.
The news of another botnet that may equal or surpass the Mirai botnet comes as the White House's special cybersecurity commission delivered a report with its recommendations to the president, in which it highlighted the issues and called for more action on mitigating and eliminating such threats.
Remarkably, CloudFlare concluded from observing the attack traffic – which peaked at 172Mpps (million packets per second), equivalent to 400Gbps (gigabits per second) – that the botnet was being turned on and off seemingly by an individual working a nine-to-five job.
"The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours, stopping at 0300 UTC," the company wrote. "It felt as if an attacker 'worked' a day and then went home."
That same attacker then did the same thing every day for over a week before his daily schedule suddenly shifted to a 24-hour attack – suggesting that it was taken over by an organized group.
But perhaps most importantly, the attack traffic was not due to the Mirai botnet, which has been causing havoc in recent weeks. CloudFlare notes that whoever is behind it is using different software and different methods, namely "very large L3/L4 floods aimed at the TCP protocol."
The attacks are focused on "a small number of locations mostly on the US west coast."
Meanwhile, the 100-page report [PDF] from the Commission on Enhancing National Cybersecurity digs into the issue of cybersecurity and what the US government should do about it, concluding that it needed to do a lot and to do it as quickly as possible.
It identifies six "imperatives" and makes 16 recommendations with no fewer than 53 "action items" in relation to them.
In the broadest terms, the report urges the president to get the US government to work closely with the private sector to come up with ways to both handle cybersecurity problems and develop new programs to tackle future problems.
The sheer size and breadth of recommendations demonstrate just how much ground has to be made up on cybersecurity. And President Obama appears to believe so too, noting that his administration "will take additional action wherever possible ... to make progress on its new recommendations before the end of my term." He also strongly recommends the report to the Trump Administration and Congress.
"We must provide sufficient resources to meet the critical cybersecurity challenges called out in the Commission's report," the president says in a blog post announcing the report. "We have the opportunity to change the balance further in our favor in cyberspace – but only if we take additional bold action to do so."
Among a series of bureaucratic suggestions, such as creating new working groups, the report also makes some policy recommendations, including encouraging the use of strong encryption and focusing on IoT security.
The very first action item in the report, however, focuses on the risk that botnet and DDoS attacks represent: "The Administration should focus first on mitigating and, where possible, eliminating denial-of-service attacks, particularly those launched by botnets," it states. "It should then expand its scope to other attacks on Internet infrastructure, including the Domain Name System." ®