Hackers have launched a huge multi-vector attack through an army of bots controlled by the new Spike Distributed Denial of Service (DDoS) toolkit.
The multi-vector toolkit can launch infrastructure-based and application-based DDoS payloads.
Attacks include SYN flood, UDP flood, Domain Name System (DNS) query flood, and GET floods.
Several campaigns have been reported against hosts in Asia and the United States, according to Akamai.
DDoS attack campaigns launched from the botnet have targeted Akamai customers.
One DDoS attack campaign mitigated by Akamai peaked at 215 gigabits per second (Gbps) and 150 million packets per second (Mpps).
The Spike DDoS toolkit runs on a Windows system, but it can communicate and execute commands to Windows, Linux and ARM-based devices infected with its binary payloads.
According to Akamai, the ability to generate an ARM-based binary payload suggests that the authors of this malicious tool are seeking to control devices such as routers and Internet of Things (IoT) devices (smart thermostat systems and washer/dryers).
The capability to infect and control a broader range of devices could allow DDoS attackers to propagate botnets in a post-PC era.
In response, Akamai has released a new cybersecurity threat advisory, through the company’s Prolexic Security Engineering and Response Team.
The advisory alerts enterprises to a high-risk threat of powerful distributed denial of service (DDoS) attacks from the Spike DDoS toolkit.
With this toolkit, malicious actors are building bigger DDoS botnets by targeting a wider range of Internet-capable devices.
Akamai senior vice president and general manager, security, Stuart Scholly, said, this quarter, his company had mitigated huge multi-vector DDoS attack campaigns that it traced to bots controlled by the new Spike DDoS toolkit
"This DDoS kit is designed to build botnets from devices and platforms that system administrators may not have thought to be at risk for botnet infection in the past," he said.
"Enterprises need system hardening to prevent initial infection and DDoS protection to stop DDoS attacks from the Spike bots.”
According to a company statement, most the infrastructure DDoS attacks launched by the Spike DDoS toolkit can be mitigated by implementing access control lists (ACLs) that filter out unwanted traffic.
"To mitigate against the toolkit’s application-layer GET flood attack, PLXsert has produced a SNORT signature, which is available in the threat advisory."
The multi-platform infection code in this kit increases the threat’s complexity and sophistication and makes it necessary to apply system hardening measures to each of the targeted operating systems and platforms, according to a company statement.
Links to industry recommended hardening techniques are provided to system administrators in the advisory. The advisory also provides a YARA rule to identify bot payloads used to infect devices and make them part of the botnet.