The threat of distributed denial-of-service (DDoS) attacks has increased as hackers exploit new technologies including the Internet of Things (IoT).
"We experience the worst case scenario every year," said Dale Drew, chief security officer at tier-one network provider Level 3 Communications.
"Attack traffic becomes more sophisticated and brings to bear more bandwidth consumption than we have ever seen in years past. As such, we know the threats will only grow and morph."
Indeed new records are now being set on an almost daily basis. Level 3 stopped a 400Gbps attack last year, while just last week an attack on the security blog KrebsOnSecurity peaked at 620Gbps.
Proprietor Brian Krebs believes that the attack, which took down his website before being stopped using Google's Project Shield, may have been the result of his exposure of two Israelis who ran a business that sold subscriptions to a DDoS attack platform for $20 to $200 per month.
He also said that the attackers seemed to have used a botnet made up of internet-connected devices such as security cameras rather than computers.
The traffic surge that took down KrebsOnSecurity was dwarfed by a similar DDoS attack at around the same time on French web host OVH, which pounded the company at a rate of more than 1Tbps, possibly rising as high as 1.5Tbps.
That attack was also apparently performed by a botnet of hacked digital video recorders and security cameras, and may have been orchestrated by the same people, who are now in custody.
The attacks were first reported on 19 September. OVH founder Octave Klaba said that after an initial attack of 1.1Tbps 6,800 new cameras joined the botnet and the site was being hit by wave after wave of traffic surges. The site is back online now.
Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the— Octave Klaba / Oles (@olesovhcom) September 22, 2016
simultaneous DDoS are close to 1Tbps! pic.twitter.com/XmlwAU9JZ6
This is not the first time that connected IoT devices have been used in botnets. DDoS attacks on Sony's PlayStation Network and Microsoft's Xbox Live last year were orchestrated through hacked home routers.
The LizardStresser botnet, capable of attacks of up to 400Gbps, targeted IoT devices in June using default passwords that are shared among entire device classes.
Just spent a year working on them? Too bad, Intel's lost interest
Sony factory in Wales now making 100,000 Raspberry Pis every week
38-year-old Alexander Vinnik faces up to 55 years in jail
Threadripper also available from today if you want a lot more power - but you'll have to wait for the motherboards to appear