Damian Menscher

Security Reliability Engineer responsible for DDoS defense @ Google

In 2025 botnets started using residential proxy networks (like IPIDEA which Google disrupted in Jan) to spread to vulnerable IoT within home networks. DDoS quadrupled in size, a step change in the expected exponential growth trend (here shown on a log scale).

To diffuse the attack power, I convinced industry peers that we should publish the infection method. https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/ This led to a fragmentation of the bots across several botnets, reducing the largest attacks from 30 Tbps to 10 Tbps.

Today a multinational law enforcement action disrupted 4 of those botnets: Aisuru, KimWolf, JackSkid, and Mossad. https://www.justice.gov/usao-ak/pr/authorities-disrupt-worlds-largest-iot-ddos-botnets-responsible-record-breaking-attacks It will be interesting to watch how the peak attack sizes grow or decrease in the coming weeks!

@GossiTheDog s/(four)/\1teen/gI

@briankrebs Cloudflare bases this dashboard on queries to 1.1.1.1. The malware hardcodes 1.1.1.1 for its DNS resolution (to find the C2), so Cloudflare ranks it 25x too high (since they otherwise see <4% of DNS traffic). Combine that with the malware sometimes getting stuck in a loop resolving the domain, and you get misleading dashboards like this.

@briankrebs Cloudflare already corrected their statement (this was primarily an IoT botnet). I point back to my earlier statement that botnets compete over vulnerable IoT... this sudden growth is the expected result of law enforcement shutting down Rapperbot 2 weeks ago.

@ChuckMcManis @briankrebs While I agree with your broader point, just want to correct that the top country was Vietnam, not Korea (which was tied for 67th place). Taiwan was also high on the list, along with China, Brazil, and Indonesia.

@saiarcot895 @briankrebs The FCC defines broadband as download speeds of 100 Mbps. That's the source of the number we used in the post.