Trending Topics
Feds Cripple Monster IoT Botnets Behind Record 31.4 Tbps DDoS Barrage
A coordinated law enforcement operation has disrupted four of the most powerful known IoT botnets, Aisuru, KimWolf, JackSkid, and Mossad, collectively responsible for some of the largest DDoS attacks ever recorded, including traffic peaks of roughly 31.4 terabits per second. Working with authorities in Germany and Canada, the US Department of Justice targeted the C2 infrastructure used to direct more than three million compromised devices, many of them consumer-grade routers, IP cameras, and DVRs shipped with weak defaults and rarely patched. Court documents allege that Aisuru alone issued over 200,000 DDoS attack commands, with KimWolf, JackSkid, and Mossad collectively launching hundreds of thousands more, at times hitting US Department of Defense systems and other high-value networks.

These botnets embody the industrialization of DDoS-as-a-service, where operators rent out portions of their herd to anyone willing to pay, enabling even low-skilled actors to launch nation-scale traffic floods. Aisuru and its close relative KimWolf have repeatedly set new records for attack volume, with campaigns like the so-called “Night Before Christmas” assault reported by Cloudflare overwhelming targets with hyper-volumetric bursts at tens of terabits per second and hundreds of millions of requests per second. Beyond raw traffic volume, these operations have been used for extortion, competitive takedowns, and service disruption across the telecom, cloud, and gaming sectors, turning everyday household electronics into a rentable weapon platform. By seizing domains and backend coordination servers rather than the devices themselves, authorities have effectively severed the bots’ “nervous system,” sharply limiting the operators’ ability to launch new attacks in the short term.
However, the structural problem that enabled these botnets remains unchanged: millions of insecure IoT devices still sit exposed online, running outdated firmware and default credentials that make re-enlistment into the next botnet wave almost inevitable. For defenders, this disruption offers a temporary dip in DDoS pressure and a window to harden infrastructure by enforcing strong credentials, segmenting IoT networks, deploying modern DDoS mitigation at the provider and application layers, and pressuring vendors to ship secure-by-default devices. Policymakers and industry alike face a clear challenge: unless baseline security standards for connected devices improve, law enforcement will be stuck in an endless game of whack-a-mole against ever-larger botnets fueled by the same insecure hardware.
Oriska Insurance Added to DragonForce’s Victim List
The notorious “DragonForce” ransomware group has claimed yet another victim, publicly naming Oriska Insurance on its dark web leak site. Oriska, known for its commitment to reliability and its specialized coverage for small and minority-owned businesses, now faces not only operational disruption but also a major test of its reputation. This incident emphasizes ransomware groups’ increasing focus on financial service providers that manage large volumes of sensitive personal and financial data. A breach involving Oriska’s systems could expose sensitive information from small- and midsize-enterprise clients, many of whom rely on the company’s assurances of security and trust. As ransomware operators refine their leverage tactics, threatening to release stolen data unless paid, companies like Oriska must now balance recovery efforts with the need to reassure their customers and partners. To defend against such evolving threats, insurance providers must strengthen their cyber resilience. That includes deploying next-generation EDR and immutable backup systems, ensuring that operations can recover quickly even in the event of compromise. Employee security awareness is equally critical, since phishing remains the top initial attack vector. Finally, adopting a Zero Trust security model, with strict network segmentation and continuous monitoring, can help contain intrusions before they cause widespread damage.
Qilin Ransomware Targets Sievert Electric
The Qilin ransomware group has claimed responsibility for a cyberattack on Sievert Electric Service and Sales, an industrial machinery company in the United States, and is threatening to leak exfiltrated data if the victim does not enter negotiations. This is a textbook example of double extortion, where adversaries both encrypt critical systems and weaponize stolen data to maximize pressure on victims. For industrial organizations that already operate on tight production timelines and thin margins, such disruptions can translate directly into safety risks, stalled operations, and long-term reputational damage. This incident also highlights how attractive industrial and OT-adjacent environments have become to sophisticated ransomware groups. Companies like Sievert Electric often sit at the intersection of IT and OT, holding engineering documentation, vendor contracts, and sensitive customer information that can be leveraged or resold. The threat actor’s warning that “the full leak will be published soon” unless contacted suggests a narrow decision window, which is why organizations need predefined playbooks for legal, technical, executive, and communications responses rather than improvising under pressure. To strengthen resilience, industrial firms must move beyond basic perimeter defenses and adopt layered controls. That includes a tested ransomware-specific incident response plan, rigorously validated offline or immutable backups, and hardened endpoints supported by EDR, network segmentation, and enforced MFA. Equally important is proactive dark web and threat intelligence monitoring to spot breached credentials, supplier chatter, and early indicators of targeting before an attack fully matures. For Sievert Electric and peers across the industrial sector, this is a clear signal: ransomware is not just an IT problem; it is a core operational and business continuity risk that demands executive-level ownership.