Abrupt Rise of Enormous Botnet Sparks Unprecedented DDoS Assaults


# **Eleven11bot: The Enormous Botnet Targeting Video Recorders and Executing Record-Breaking DDoS Assaults**

## **Overview**
A newly disclosed botnet, referred to as **Eleven11bot**, has emerged as one of the most formidable cyber threats in recent memory. This botnet, comprising an estimated **30,000 compromised webcams and video recorders**, has been responsible for some of the largest **distributed denial-of-service (DDoS) attacks** ever documented. With the highest density of infected devices situated in the **United States**, Eleven11bot has been causing significant disruptions across various sectors, including **telecommunications service providers and gaming hosting systems**.

## **What Exactly is Eleven11bot?**
Eleven11bot is a **botnet** that was first identified in **February 2024** by researchers at **Nokia’s Deepfield Emergency Response Team**. The botnet garnered immediate attention due to its capacity to conduct **hyper-volumetric DDoS attacks**, capable of inundating networks with vast quantities of data.

Unlike DDoS attacks that exhaust a server’s computational resources, **volumetric DDoS attacks** aim to consume all available bandwidth. Eleven11bot has shown an unprecedented ability to generate traffic: its largest attack peaked at **6.5 terabits per second (Tbps)** on **February 27, 2024**, surpassing the former record of **5.6 Tbps** established in January.

## **Mechanism of Eleven11bot**
Eleven11bot mainly **compromises security cameras and digital video recorders (DVRs)**, with a large number of the infected devices operating on **HiSilicon chips**. As per security analysts, the botnet is likely a **variant of Mirai**, a well-known malware strain that has been employed in extensive cyberattacks since 2016.

### **Distinct Features of Eleven11bot:**
- **Massive Scope:** With around **30,000 infected devices**, Eleven11bot ranks among the largest botnets ever observed.
- **Recently Compromised Devices:** Numerous IP addresses associated with Eleven11bot had **never been detected in prior DDoS attacks**.
- **Record-Setting Attack Volume:** The botnet has executed attacks reaching **6.5 Tbps**, setting a new mark for volumetric DDoS attacks.
- **Varied Attack Methods:** Eleven11bot utilizes several attack strategies, including **packet flooding** and **bandwidth saturation**, to disrupt services.
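
An added example, not from the original article or from Nokia's analysis: a minimal detector that buckets flow records per destination per second, flags buckets approaching link capacity, and shows how much traffic remains after a reputation blocklist is applied when most sources have never been seen attacking before. The 1 Gbps link, the 0.8 threshold, the flow tuple layout and all IP addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

LINK_BPS = 1_000_000_000   # assumed 1 Gbps uplink on the defended network
SATURATION = 0.8           # assumed alert threshold (fraction of link capacity)

def sample_flows():
    """Constructed flow records: (second, src_ip, dst_ip, bytes)."""
    flows = [(t, f"198.51.100.{i}", "203.0.113.10", 50_000)
             for t in range(5) for i in range(1, 4)]        # normal clients
    flows += [(t, f"192.0.2.{i}", "203.0.113.10", 1_000_000)
              for t in (3, 4) for i in range(1, 201)]       # flood sources
    return flows

def detect_saturation(flows, prior_attackers=frozenset()):
    """Return alerts for (dst, second) buckets whose inbound rate nears capacity."""
    buckets = defaultdict(lambda: defaultdict(int))   # (dst, sec) -> src -> bytes
    for sec, src, dst, nbytes in flows:
        buckets[(dst, sec)][src] += nbytes
    alerts = []
    for (dst, sec), by_src in sorted(buckets.items()):
        bits = 8 * sum(by_src.values())
        if bits / LINK_BPS < SATURATION:
            continue
        # Traffic that remains after dropping every source on the reputation list
        residual = 8 * sum(b for s, b in by_src.items() if s not in prior_attackers)
        alerts.append({
            "dst": dst,
            "second": sec,
            "sources": len(by_src),
            "utilisation": round(bits / LINK_BPS, 3),
            "unlisted_sources": sum(1 for s in by_src if s not in prior_attackers),
            "utilisation_after_blocklist": round(residual / LINK_BPS, 3),
        })
    return alerts

if __name__ == "__main__":
    # Constructed list of sources "seen in prior attacks": only 20 of the 200
    known = {f"192.0.2.{i}" for i in range(1, 21)}
    for alert in detect_saturation(sample_flows(), known):
        print(alert)
```

In the constructed data the link stays oversubscribed even after every previously listed source is dropped, which is why volumetric floods from freshly compromised devices are normally handled with upstream capacity and rate-based filtering rather than source reputation alone.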

## **Global Consequences of Eleven11bot**
A geographical examination of Eleven11bot’s infected devices revealed that the **United States** hosts the largest concentration of compromised IP addresses at **24.4%**, followed by **Taiwan (17.7%)** and the **United Kingdom (6.5%)**. This widespread distribution emphasizes the **global influence** of the botnet and the potential threats it poses to essential infrastructure around the globe.

### **Affected Industries:**
- **Telecommunications Service Providers:** Internet service providers (ISPs) and telecom firms have been targeted, resulting in **service interruptions**.
- **Gaming Hosting Systems:** Online gaming platforms have experienced **latency problems and outages** due to Eleven11bot’s assaults.
- **Enterprise Networks:** Companies relying on cloud services and remote connectivity have faced **connection issues**.

## **Discrepancies in Botnet Size Reports**
While Nokia initially estimated the botnet to consist of **30,000 infected devices**, other cybersecurity entities have reported differing figures:
- **Shadowserver Foundation** suggested the botnet could comprise as many as **86,000 devices**.
- **GreyNoise and Censys** later adjusted their estimates, stating that the actual number could be **fewer than 5,000**.

Despite these inconsistencies, Nokia researchers have continually observed **20,000 to 30,000 IP addresses** involved in Eleven11bot’s attacks, bolstering the belief that it continues to represent a **substantial cybersecurity threat**.

## **Method of Eleven11bot’s Propagation**
Similar to other Mirai-based botnets, Eleven11bot employs various techniques to **infect IoT devices**:
1. **Exploitation of Default Credentials:** Numerous IoT devices come with **pre-set usernames and passwords**, which attackers take advantage of to gain entry.
2. **Vulnerabilities in Software:** The botnet proliferates by **exploiting security weaknesses** in DVRs and webcams, especially those operating on **TVT-NVMS 9000 software** on **HiSilicon chips**.
3. **Network Exposure:** Devices that are **open to the internet** without adequate security measures become prime candidates for infection.

## **Preventive Measures Against Eleven11bot**
In light of the escalating threat from Eleven11bot and