Cyber Incident Victim: OVHcloud
Date: Sep 2016
Location: France
Summary
A French hosting provider suffered a record-breaking distributed denial-of-service attack utilizing a botnet of over 145,000 compromised internet-connected devices, primarily CCTV cameras, generating traffic peaks of 1.5 terabits per second. The multivector assault, linked to perpetrators of a prior high-profile attack on a security journalist's website, was successfully mitigated by the targeted company but underscored vulnerabilities in unsecured IoT infrastructure and raised concerns about potential impacts on less-prepared organizations facing similar threats.
Description
In late September 2016, French hosting provider OVH experienced a distributed denial-of-service (DDoS) attack that reached an unprecedented scale of 1.5 terabits per second (Tbps). This incident occurred shortly after cybersecurity journalist Brian Krebs' website was targeted by a separate 620 Gbps attack that forced his site offline. According to OVH Chief Technology Officer Octave Klaba, the attack against their infrastructure originated from a botnet comprising 145,607 compromised Internet of Things (IoT) devices, primarily consisting of CCTV cameras and digital video recorders. Each infected device contributed approximately 30 Mbps of attack traffic, collectively generating the record-breaking 1.5 Tbps assault through coordinated malicious commands. The attack employed multiple vectors, though specific technical methods beyond the IoT device recruitment weren't detailed in available reports. Security researchers identified connections between this attack and the earlier assault on Krebs' site, noting that the same threat actors likely orchestrated both incidents.

OVH successfully mitigated the attack through unspecified defensive measures, preventing sustained disruption to their services. The incident highlighted vulnerabilities in IoT device security, as manufacturers frequently neglected basic security protocols during development, enabling easy compromise of devices like webcams. Industry experts including Lee Munson of Comparitech.com warned that such attacks demonstrated the growing scale of DDoS threats, which had evolved from small-scale disruptions by amateur attackers to industrialized operations employing massive botnets available for hire. The attack's magnitude raised concerns about the potential devastation if similarly sized assaults targeted organizations with fewer defensive resources than OVH. Following these events, Google began providing DDoS mitigation services to Krebs' website after his previous protection from Akamai was discontinued due to the attack's intensity. No specific financial or operational impact details for OVH were disclosed in available reporting.
