Dubbed Spike, the toolkit has been used in a distributed denial of service attack that reached a peak of 215 gigabits per second

Security researchers have recently discovered a toolkit capable of infecting computers, routers and Internet of Things devices to launch large-scale simultaneous DDoS attacks.

DDoS mitigator Akamai Technologies uncovered the toolkit, dubbed Spike, about six months ago and has stopped attacks against enterprise customers in Asia and the U.S.

One distributed denial of service attack peaked at 215 gigabits per second and 150 million packets per second.

“It was pretty impressive,” David Fernandez, head of Akamai’s PLXsert lab, said.

The toolkit is unique in that it can infect Linux, Windows and ARM-based systems. As a result, a Spike-based botnet could comprise PCs, servers, routers and Internet of Things (IoT) devices, such as smart thermostats.

Akamai has not seen any IoT devices in the botnet it has uncovered. However, the fact that the creators developed binary payloads for ARM and Linux suggests that attacks on IoT devices are possible.

“They could be subjected to future exploitation and infection for these types of (DDoS) campaigns,” Fernandez said.

Also unusual is Spike’s ability to launch different types of DDoS attacks simultaneously. For example, attackers could use four separate command-and-control servers to launch SYN, UDP, GET and Domain Name System query floods against a single target.

Akamai believes Spike originated in Asia, because only Mandarin was used in the toolkits the company found.

To block Spike, a company can add infrastructure attack signatures to access control lists.
For blocking attacks on the application layer, Akamai has released a SNORT signature.

SNORT is a widely used open source network intrusion detection and prevention system.

Akamai also suggests hardening systems against attacks by keeping patches up to date and following the guidance provided by several organizations, including the SANS Institute, Microsoft, the National Security Agency, the National Institute of Standards and Technology (NIST) and the Open Web Application Security Project (OWASP).

Akamai is also calling on the security research community, including vendors and government and private institutions, to launch a combined effort to clean up Spike-infected systems while the botnet is still young.

“Unless there are significant community cleanup efforts, this bot infestation is likely to spread,” the company said in a threat advisory.