Eleven11bot: Massive DDoS Botnet Threatens Global IoT Security

In what experts are calling one of the largest known DDoS botnet campaigns in recent years, a new cyber threat named Eleven11bot is rapidly expanding, compromising tens of thousands of IoT devices worldwide. The botnet’s unprecedented scale and impact signal a concerning escalation in cyberattacks targeting critical sectors.

A Growing Cyber Menace

Discovered by Nokia’s Deepfield Emergency Response Team, Eleven11bot has been observed conducting hyper-volumetric DDoS attacks, capable of overwhelming targets with millions of packets per second. Initial reports from Nokia on February 28 revealed that approximately 30,000 devices, primarily security cameras and network video recorders (NVRs) had been compromised. However, further analysis by the Shadowserver Foundation on March 5 estimated the number of infected devices at a staggering 86,400.

The majority of compromised devices are located in the United States (25,000), followed by the United Kingdom (10,000), Canada (4,000), and Australia (3,000). The widespread infection underscores the vulnerability of IoT devices, particularly those with weak or default passwords.

A Non-State Actor with Global Reach

What sets Eleven11Bot apart is its sheer scale and intensity. According to Nokia security researcher Jerome Meyer:

Its size is exceptional among non-state actor botnets, making it one of the largest DDoS campaigns observed since the invasion of Ukraine in 2022.

The botnet has been linked to prolonged DDoS attacks on the gaming and communications sectors, with some assaults lasting for days and causing significant disruptions.

Cybersecurity firms Censys and GreyNoise have also begun tracking Eleven11bot, identifying over 1,000 IP addresses linked to the botnet. Interestingly, GreyNoise reported that 61% of the botnet’s activity originates from Iranian IPs. However, the company stopped short of attributing the attacks to any state actor.

Eleven11Bot’s rapid expansion highlights the persistent vulnerabilities in IoT devices. The botnet gains control through brute-force attacks, exploiting weak or default passwords, and scanning for exposed SSH and Telnet ports. This method of infiltration makes poorly secured IoT devices an easy target for cybercriminals.

The emergence of Eleven11Bot raises urgent questions about IoT security and the need for stronger regulatory measures. While the short-term impact includes service disruptions and potential financial losses, the long-term threat lies in the botnet’s potential to be weaponized in more sophisticated attacks.

As per cybersecurity organizations, implementing stronger security protocols, including mandatory password resets and automatic software updates, can help minimise the threat, but global cooperation between governments, security firms, and tech companies will be critical in dismantling the botnet and preventing future attacks.

ALSO READ: Pakistan to Establish National Cyber Security Authority: IT Ministry Confirms