A Distributed Denial-of-Service assault peaking at 31.4 Tbps — alongside a staggering 200 million requests per second — has set a new record and thrown a harsh spotlight on an “apex” botnet that draws its power from ordinary home devices. Security firms tracking the operation, often referred to as Aisuru or Kimwolf, say it leverages an estimated one to four million compromised hosts, from consumer routers to internet-connected cameras and smart TVs.
What Happened and Why This Massive Attack Matters
Cloud providers handling the onslaught reported automatically mitigating what they described as the largest attack publicly disclosed to date. Cloudflare’s recent DDoS threat analysis labeled Aisuru a top-tier botnet by scale and sophistication, and noted that the same infrastructure was responsible for thousands of attacks this year against telecom carriers, gaming platforms, hosting companies, ISPs, and financial services.
Record-breaking throughput matters because it reveals how attackers can saturate backbone links and overwhelm defenses not just at the application layer but across entire networks. In that scenario, even services with robust mitigation can experience collateral strain downstream, amplifying disruption far beyond a single target.
How Your Home Devices Become DDoS Ammunition
Aisuru operators scour the internet for exposed services and default credentials, then enroll vulnerable devices into a command-and-control mesh. Consumer gear — home routers, DVRs, baby monitors, and increasingly Android TV devices — is a prime target because it’s always on, broadly deployed, and often poorly maintained. Once infected, a device contributes bandwidth, CPU, and in some cases reflection and amplification capabilities to flood victims with junk traffic.
Weaknesses repeatedly exploited include unchanged factory passwords, unsecured remote administration, outdated firmware, and protocols like UPnP that punch holes through home firewalls. The result is a silent conscription: your gear keeps streaming, routing, or recording, while also helping firehose packets at a victim you’ve never heard of.
The Botnet-as-a-Service Economy Behind Aisuru
Unlike bespoke criminal arsenals, Aisuru operates as a rental service. Investigators say capacity can be bought for anywhere from a few hundred to a few thousand dollars, putting nation-state-scale disruption within reach of smaller crews. Cloudflare warned that with enough rented capacity, adversaries can degrade connectivity for large population centers by saturating upstream links.
The network’s utility goes beyond DDoS. Research by Netscout and reporting by KrebsOnSecurity indicate that compromised nodes are also leased to residential proxy providers — effectively converting hacked homes into stealthy relays for credential stuffing, spamming, phishing, large-scale web scraping, and even data collection used in AI projects. That multi-use model monetizes the same infected device multiple times, which funds growth and persistence.

Attack Volume Is Surging Across the Internet Backbone
Cloudflare tallied over 47 million DDoS attacks in the past year, a 121% surge compared to the previous period. The firm also logged more than 180 notable internet disruptions, with causes ranging from fiber cuts and power failures to network misconfigurations and conflict-related damage. In parallel, a major incident that knocked thousands of services offline was traced to a DNS issue in a large cloud region, showing how infrastructure fragility and DDoS campaigns can compound one another.
Context matters: Aisuru previously set a record at 29.7 Tbps and then eclipsed it. That cadence suggests the ceiling is still moving, driven by faster last-mile broadband, cheap hardware, and the explosive growth of unmanaged IoT endpoints.
Protecting Your Network Right Now: Practical Steps
Small steps dramatically reduce risk.
Immediate steps for home users
- Change default passwords and disable remote administration on routers and cameras unless absolutely required.
- Turn off UPnP, close unnecessary ports, and enable automatic firmware updates.
- Segment smart home gadgets on a separate Wi‑Fi network from laptops and work devices.
- If your router supports it, review outbound traffic logs and disable services you don’t use.
Defenses for organizations and ISPs
- Adopt anycast-based DDoS protection, maintain scrubbing capacity, and diversify authoritative DNS with failover.
- Enforce rate limiting, implement strong bot management, and deploy BGP FlowSpec or RTBH with upstreams.
- Filter spoofed traffic in line with BCP 38 and offer opt-in customer protections that block known malicious services by default.
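As an added illustration (not code from the article or from any provider it cites), the following Python applies the BCP 38 source-address check to constructed flow records: a packet is accepted only if its source lies inside a prefix assigned to the customer interface it arrived on. The interface names, prefix assignments, flow tuples and the 0.5 threshold are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Constructed: customer-facing interface -> prefixes delegated to it (documentation ranges).
ASSIGNED = {
    "cust-a": ["198.51.100.0/28", "2001:db8:a::/48"],
    "cust-b": ["203.0.113.64/26"],
}
# Constructed flow records: (ingress interface, source IP, packet count).
FLOWS = [
    ("cust-a", "198.51.100.5", 1200),    # inside cust-a's IPv4 prefix
    ("cust-a", "2001:db8:a::10", 300),   # inside cust-a's IPv6 prefix
    ("cust-a", "203.0.113.70", 90000),   # cust-b's space arriving from cust-a: spoofed
    ("cust-b", "203.0.113.100", 800),    # inside cust-b's prefix
    ("cust-b", "10.0.0.7", 50),          # private address leaking out: not assigned
    ("cust-b", "not-an-ip", 1),          # malformed record: fail closed
    ("cust-c", "192.0.2.1", 10),         # interface with no assignment: fail closed
]


def source_is_valid(table, interface, src):
    """BCP 38 rule: accept only sources inside the prefixes assigned to the interface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in table.get(interface, []))


def audit(flows, assigned):
    """Return {interface: (valid_packets, dropped_packets)} for the given flows."""
    table = {i: [ipaddress.ip_network(p) for p in ps] for i, ps in assigned.items()}
    valid, dropped = Counter(), Counter()
    for interface, src, packets in flows:
        bucket = valid if source_is_valid(table, interface, src) else dropped
        bucket[interface] += packets
    return {ifc: (valid[ifc], dropped[ifc]) for ifc in sorted(set(valid) | set(dropped))}


def spoofing_interfaces(report, threshold=0.5):
    """Interfaces where more than `threshold` of packets failed source validation."""
    return [ifc for ifc, (ok, bad) in report.items()
            if ok + bad and bad / (ok + bad) > threshold]


if __name__ == "__main__":
    report = audit(FLOWS, ASSIGNED)
    print(report, "investigate:", spoofing_interfaces(report))
```

On a live network the same rule is enforced on the router itself, with ACLs or unicast reverse-path forwarding; running it over flow exports first shows which customer ports would trip the filter once it is enabled.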
What Vendors Must Fix to Rein in IoT Botnets
Manufacturers should ship devices with unique credentials, secure onboarding, and signed, auto-updating firmware. Baseline IoT security standards such as ETSI EN 303 645 provide a solid template, while software bills of materials and memory-safe code can shorten patch cycles and cut entire bug classes. ISPs and cable operators, in turn, can provide protective DNS, curb gratuitous exposure of admin interfaces, and detect abnormal egress from customer networks.
The latest 31.4 Tbps milestone is less a one-off and more a preview. As bandwidth climbs and the number of internet-connected gadgets multiplies, the biggest botnet will be the one that can turn the most living rooms into launchpads. Whether your devices help stop that future — or help fuel it — depends on the defaults you change today.