Tuesday, November 12, 2024

New Mēris Botnet Hits Yandex Search Engine With 21.8 Million RPS – Biggest DDoS Attack in Yandex History


Yandex was recently reported to have come under a massive DDoS attack from the Mēris botnet. The attack has been described as the biggest in the history of DDoS attacks, although key details are not yet clear.

Yandex and Qrator Labs have since published a detailed write-up on Habr explaining what exactly happened. According to their study, the attack peaked at more than 20 million requests per second, and the Mēris botnet was behind it.

Features of Mēris botnet

Yandex and Qrator have published several distinguishing features of the botnet behind this DDoS attack, listed below:

  • SOCKS4 proxy on the affected device (unconfirmed, although MikroTik devices use SOCKS4)
  • Use of the HTTP pipelining (HTTP/1.1) technique for DDoS attacks (confirmed)
  • Making the DDoS attacks themselves RPS-based (confirmed)
  • Open port 5678 (confirmed)

Comprehensive and robust botnet

Russian media broke the news of a huge DDoS attack hitting Yandex. It has been described as the largest attack in the history of the Russian internet, known as “RuNet.”

According to details that emerged from joint research by Yandex and Qrator Labs, its partner in providing DDoS protection services, information collected from several attacks launched by the new Mēris botnet showed a force of more than 30,000 devices.

Data collected by Yandex shows that the assaults on its servers relied on 56,000 attacking hosts. However, security experts have seen indications that the number of compromised devices may be 250,000.

Countries with active hosts

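| Country | Hosts | % of global |
|---|---|---|
| United States of America | 139930 | 42.6% |
| China | 61994 | 18.9% |
| Brazil | 9244 | 2.8% |
| Indonesia | 7359 | 2.2% |
| India | 6767 | 2.1% |
| Hong Kong | 5225 | 1.6% |
| Japan | 4928 | 1.5% |
| Sweden | 4750 | 1.4% |
| South Africa | 4729 | 1.4% |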

Botnet’s history of attacks on Yandex

Here’s the history of attacks on Yandex:

  • 2021-08-07 – 5.2 million RPS
  • 2021-08-09 – 6.5 million RPS 
  • 2021-08-29 – 9.6 million RPS
  • 2021-08-31 – 10.9 million RPS
  • 2021-09-05 – 21.8 million RPS

What to do in such a situation?

Blacklists are still an option: because these attacks are not spoofed, the victim sees the attack origin just the way it is. Blocking those sources would be sufficient to thwart the attack without disturbing the possible end user.

Nobody knows how the owners of the Mēris botnet will act in the future, but there is a fair probability that they could take advantage of the compromised devices by using one hundred percent of their capacity.

In such cases, the only option other than blocking every request is to stop answering pipelined requests. Pipelining can turn into a disaster if there is no DDoS attack mitigation at the targeted server.

With pipelining, the threat actors need less workforce to fill the victim's RPS threshold, and it turns out that many were not ready for such a situation.
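The two mitigations described above, as an added example that is not code from Yandex or Qrator Labs: it counts the HTTP/1.x requests pipelined into a single read and temporarily blocks the unspoofed source address when more than the allowed number are queued. The threshold, the block duration, the `PipelineGuard` name, and the sample traffic are assumptions constructed for illustration.

```python
import re

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")

def count_pipelined(buf: bytes) -> int:
    """Count complete HTTP/1.x requests queued back-to-back in one read buffer."""
    count, pos = 0, 0
    while True:
        end = buf.find(b"\r\n\r\n", pos)
        if end == -1:
            return count                      # incomplete head: stop counting
        lines = buf[pos:end].split(b"\r\n")
        if not REQUEST_LINE.match(lines[0]):
            return count                      # not a request line: stop
        body_len = 0
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length" and value.strip().isdigit():
                body_len = int(value.strip())
        pos = end + 4 + body_len              # skip the body so it is not parsed as a request
        if pos > len(buf):
            return count                      # body not fully received yet
        count += 1

class PipelineGuard:
    """Serve at most `max_per_read` requests per read; block sources that queue more."""

    def __init__(self, max_per_read=1, block_seconds=600):   # assumed defaults
        self.max_per_read = max_per_read
        self.block_seconds = block_seconds
        self.blocked_until = {}               # source IP -> block expiry timestamp

    def decide(self, src_ip: str, buf: bytes, now: float) -> str:
        if self.blocked_until.get(src_ip, 0) > now:
            return "drop"                     # still on the temporary blacklist
        if count_pipelined(buf) > self.max_per_read:
            # The traffic is not spoofed, so the source address is a usable block key.
            self.blocked_until[src_ip] = now + self.block_seconds
            return "block"                    # answer none of the pipelined requests
        return "serve"

# Constructed sample input (documentation host name, not captured traffic).
PIPELINED = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n" * 8
SINGLE = b"POST /q HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
```

The block expires on its own, so an address that is later reassigned to a legitimate user is served again.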


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
