Intermittent DDoS attacks powered by the largest of the many Mirai-powered botnets targeting the African nation of Liberia have ceased today.
Researcher Kevin Beaumont who disclosed the attacks on Thursday said also that the domain controlling the attacker’s command and control infrastructure was disabled by registrar eNom; that domain pre-dates the DDoS attacks two weeks ago against Dyn.
While the attacks against Liberia have been shut down, they did this week periodically interrupt Internet service to the country and one mobile service provider told the IDG News Service that the attacks were “killing” its business and revenue.
Beaumont, a security architect with a U.K. company, said that Liberia has one undersea cable servicing Internet connectivity for the entire country. Telecommunications companies and service providers jointly own the cable, which provided the attackers with a single point of failure to focus their attack. Beaumont also said that the botnet was able to generate 500 Gbps of traffic, making it among the largest attacks ever publicly recorded. The researcher, however, believes this was a test of denial-of-service capabilities against a nation.
Beaumont also said that the botnet was able to generate 500 Gbps of traffic, making it among the largest attacks ever publicly recorded. The researcher, however, believes this was a test of denial-of-service capabilities against a nation. “The attacks were short in duration, done in different ways against the same targets over a prolonged period, and against a nation which has some interesting characteristics – small, low profile, low percentage of Internet use per head,” Beaumont told Threatpost. Once Beaumont published his report on Thursday, the attackers also pointed their DDoS traffic at a botnet monitoring service called MalwareTech, tracking its activity, and sent veiled threats to Beaumont.