A new toolkit known as Spike is living up to its name by fomenting a series of powerful distributed denial of service (DDoS) attacks. Its specialty is helping malicious actors to build bigger DDoS botnets by targeting a wider range of Internet-capable devices. And that in turn drives…wait for it…a ‘spike’ in traffic.
"This summer Akamai mitigated huge multi-vector DDoS attack campaigns that we traced to bots controlled by the new Spike DDoS toolkit," said Stuart Scholly, senior vice-president and general manager of the Security Business Unit at Akamai, in an advisory. "This DDoS kit is designed to build botnets from devices and platforms that system administrators may not have thought to be at risk for botnet infection in the past."
Several campaigns have been reported against hosts in Asia and the United States, Akamai noted, and one of these attacks was a “huge” multi-vector initiative that peaked at 215 Gbps and 150 million packets per second (Mpps).
Overall, Spike has a lot of tools in its arsenal. It can launch both infrastructure-based and application-based DDoS payloads, and attacks include SYN flood, UDP flood, domain name system (DNS) query flood, and GET floods.
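The four vectors named above leave different footprints in flow or packet telemetry, and a defender's first job is to tell them apart per target so that the right mitigation (SYN cookies, UDP rate limiting, DNS response rate limiting, HTTP request filtering) is applied. The following is an added illustration written for this article, not Akamai's code or anything from the Spike toolkit: it aggregates constructed flow records per destination over a window and flags which of the four vectors exceed per-target packet-rate thresholds. The `Flow` record layout, the thresholds and the sample addresses are all assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed record layout: one row per sampled flow, as a collector might export it.
@dataclass
class Flow:
    ts: float          # seconds
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    dport: int
    tcp_flags: str = ""  # "S" means SYN-only (no ACK), the SYN-flood signature
    pkts: int = 1
    app: str = ""      # "dns_query" or "http_get" when the sensor could classify the payload

# Assumed per-target thresholds in packets (or requests) per second; tune to the network.
THRESHOLDS = {"syn": 2000, "udp": 5000, "dns": 1000, "get": 500}
LABELS = {"syn": "SYN flood", "udp": "UDP flood",
          "dns": "DNS query flood", "get": "GET flood"}

def classify_window(flows, window_seconds):
    """Return {dst: {"vectors": [...], "sources": n}} for every target whose
    per-second rate for any vector meets or exceeds its threshold."""
    counters = defaultdict(lambda: {"syn": 0, "udp": 0, "dns": 0, "get": 0, "srcs": set()})
    for f in flows:
        c = counters[f.dst]
        c["srcs"].add(f.src)
        if f.proto == "tcp" and f.tcp_flags == "S":
            c["syn"] += f.pkts                      # half-open connection attempts
        elif f.proto == "udp":
            c["udp"] += f.pkts                      # generic UDP volume
            if f.dport == 53 and f.app == "dns_query":
                c["dns"] += f.pkts                  # queries aimed at a resolver/authoritative server
        if f.app == "http_get":
            c["get"] += f.pkts                      # application-layer request flood
    results = {}
    for dst, c in counters.items():
        vectors = [LABELS[k] for k in ("syn", "udp", "dns", "get")
                   if c[k] / window_seconds >= THRESHOLDS[k]]
        if vectors:
            results[dst] = {"vectors": vectors, "sources": len(c["srcs"])}
    return results

def build_sample():
    """Constructed telemetry for a 10-second window: one target under a combined
    SYN + DNS query flood from 500 distinct bots, one target with ordinary web traffic."""
    flows = []
    victim, normal = "203.0.113.10", "203.0.113.20"
    for i in range(300):   # 300 bots x 100 SYN-only packets = 30,000 SYNs -> 3,000/s
        flows.append(Flow(0.0, f"10.1.{i // 256}.{i % 256}", victim, "tcp", 80, "S", 100))
    for i in range(200):   # 200 bots x 60 DNS queries = 12,000 -> 1,200/s (UDP total stays below 5,000/s)
        flows.append(Flow(0.0, f"10.2.{i // 256}.{i % 256}", victim, "udp", 53, "", 60, "dns_query"))
    for i in range(50):    # 50 ordinary clients, 20 GETs each -> 100/s, well under threshold
        flows.append(Flow(0.0, f"10.3.0.{i}", normal, "tcp", 443, "", 20, "http_get"))
    return flows

def detect_sample(window_seconds=10):
    return classify_window(build_sample(), window_seconds)

if __name__ == "__main__":
    for dst, info in detect_sample().items():
        print(f"{dst}: {', '.join(info['vectors'])} from {info['sources']} sources")
```

Rates are computed per destination rather than per source on purpose: a botnet built the way the advisory describes spreads load across many infected hosts, so any single source may look unremarkable while the aggregate at the target is not. The source count is reported alongside the vectors because it is the signal that separates a distributed flood from a single misbehaving client.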
Further, the Spike DDoS toolkit's command-and-control component runs on a Windows system, but it can communicate with, and send commands to, Windows, Linux and ARM-based devices infected with its binary payloads.
This multi-platform infection code increases the threat's complexity and sophistication, and it means that system hardening measures have to be applied to each of the targeted operating systems and platforms, not just one.
One interesting twist to Spike is the ability to use not just typical internet accoutrements to drive traffic for a DDoS attack. It’s a thoroughly modern toolkit, with an eye to making use of new types of connected devices as well.
“The ability to generate an ARM-based binary payload suggests that the authors of this malicious tool are seeking to control devices such as routers and internet of things (IoT) devices (i.e., smart thermostat systems and washer/dryers),” Akamai noted.
Going forward, Spike-based botnets will likely be used in attack campaigns against targets in regions beyond Asia and the US, and against a variety of verticals, the firm warned.
“Unless there are significant community cleanup efforts, this bot infestation is likely to spread,” it said. “There is likely to be a surge in the number of new Spike DDoS toolkit iterations that incorporate new payloads and signatures. System administrators need to thoroughly check and harden devices that may not have been targeted or thought to be at risk for botnet infection in the past.”