
DDoS attacks like this are usually launched from a large number of malware-ridden personal computers. Since the attacks are coming from IP addresses on a residential network, they're very hard to differentiate from legitimate traffic.

What's different about this attack is that it appears to not be PCs but network devices (routers) that are being taken over and used to launch attacks.

People are much less likely to catch that this is occurring, and as a result there are concerns that this botnet is going to persist as a threat for a much longer time than is typical. Additionally, network devices may have access to a greater amount of bandwidth than a PC, increasing the threat.

One more thing: when the botnet makes a request (attack) against a site, it's using a modern performance optimization technique of "pipelining", where instead of a GET to "/index.html" just interacting with the index.html file, it's holding a connection open to also then request all the other assets from the site. In normal usage this is great, as it makes a site feel more responsive and reduces network overhead. However, in the context of this botnet it also increases the number of requests that each bot can make (which is bad).



Great explanation... For anyone interested, the following Jupyter notebook explains three different ways to process HTTP requests: serial requests (the baseline), pipelined requests, and parallel requests with multiple connections (and without threads).

https://gist.github.com/coady/f9e1be438ba8551dabad
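
A server-side view of the pipelining discussed in this thread, added here as an example; it is not code from either commenter or from the linked notebook. It counts how many complete HTTP/1.1 requests a client queued on one connection before any response was sent and flags connections above a limit. The function names, the `MAX_DEPTH` threshold and the sample bytes are assumptions constructed for illustration.

```python
"""Count how many HTTP/1.1 requests a client queued on one connection
before the server answered any of them (the pipeline depth)."""

MAX_DEPTH = 4  # assumed policy threshold, not a value from the thread


def split_requests(buf: bytes):
    """Return (request_lines, leftover) for the complete requests in buf."""
    lines, pos = [], 0
    while True:
        end = buf.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # headers not complete yet; wait for more bytes
        head = buf[pos:end].split(b"\r\n")
        body_len = 0
        for header in head[1:]:
            name, _, value = header.partition(b":")
            if name.strip().lower() == b"content-length":
                v = value.strip()
                body_len = int(v) if v.isdigit() else 0
        nxt = end + 4 + body_len  # skip the body by length, not by scanning it
        if nxt > len(buf):
            break  # body not fully received
        lines.append(head[0].decode("latin-1"))
        pos = nxt
    return lines, buf[pos:]


def over_limit(first_reads: dict, max_depth: int = MAX_DEPTH):
    """Map peer -> depth for peers whose unanswered queue exceeds max_depth."""
    flagged = {}
    for peer, buf in first_reads.items():
        depth = len(split_requests(buf)[0])
        if depth > max_depth:
            flagged[peer] = depth
    return flagged


def _get(path):
    return f"GET {path} HTTP/1.1\r\nHost: example.test\r\n\r\n".encode()

# Constructed sample: bytes read per connection before any response was written.
SAMPLE = {
    "198.51.100.7": _get("/index.html"),
    "203.0.113.9": b"".join(_get(f"/asset{i}.js") for i in range(8))
                   + b"GET /partial HTTP/1.1\r\nHost: exa",
}

if __name__ == "__main__":
    print(over_limit(SAMPLE))
```

A depth limit like this only bounds how much work one connection can queue; it does not tell a bot from a browser, since legitimate clients can pipeline too.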



