Throughout the course of A10’s research into distributed denial of service (DDoS) weapons over the last several years, we have consistently observed that DDoS attacks continue to grow in frequency, intensity, and sophistication. This was even more evident in 2020 with the COVID-19 pandemic. Attackers have used this global event to increase attacks, large and small, on vulnerable organizations, including those in healthcare, education and government.
This report summarizes specific DDoS weapons activity that A10 Networks has observed around the globe during the past six months. In our last report we explored the use of malware in the recruitment of botnet devices, taking a closer look at the most frequent example, the Arm7 malware binary, which demonstrated its complexity via multi-layered attack techniques.
In this report, we took a closer look at how 200,000+ devices at a sizeable cable broadband provider in India were compromised, starting from virtually nothing; the observed behavior of these devices; what exploits were used to hijack them; and some recommended best practices to protect against potential attacks from these systems.