Categories: DDOS

New Mēris Botnet Hits Yandex Search Engine With 21.8 Million RPS – Biggest DDoS Attack on Yandex History

Recently, it has been reported that Yandex was experiencing a massive DDoS attack from the Mēris botnet. this attack was denominated as the most comprehensive in the history of a DDoS attack, however, the key details are not yet cleared.

However, Yandex and Qrator Labs issued a large provision on Habré, on which they have yielded the details of what exactly happened, as per the study this DDoS attack power was more than 20 million requests per second, and the Mēris botnet was behind this attack.

Features of Mēris botnet

There are some special features that have been published by Yandex and Qrator regarding this DDoS attack, and here we have mentioned them below:-

  • Socks4 proxy at the affected device (unconfirmed, although Mikrotik devices use socks4)
  • Use of HTTP pipelining (http/1.1) method for DDoS attacks (confirmed)
  • Making the DDoS attacks themselves RPS-based (confirmed)
  • Open port 5678 (confirmed)

Comprehensive and robust botnet

Russian media broke when news about a huge DDoS attack hitting Yandex appeared. It is been described as the largest attack in the history of the Russian internet, therefore it was given the name of “RuNet.”

According to the recent details, which emerged in joint research from Yandex it has been pronounced that they are providing DDoS protection services. There were several attacks, out of which information was collected by the new Meris botnet and it showed a force of more than 30,000 devices.

The data that has been collected by Yandex, observed that the assaults on its servers relied on 56,000 attacking hosts. However, 2,50,000 compromised devices may have been seen during the indication by the security experts.

Countries with active hosts

CountryHosts% of global
United States of America13993042.6%
China6199418.9%
Brazil92442.8%
Indonesia73592.2%
India67672.1%
Hong Kong52251.6%
Japan 49281.5%
Sweden47501.4%
South Africa47291.4%

Botnet’s history of attacks on Yandex

Here’s the history of attacks on Yandex:-

  • 2021-08-07 – 5.2 million RPS
  • 2021-08-09 – 6.5 million RPS
  • 2021-08-29 – 9.6 million RPS
  • 2021-08-31 – 10.9 million RPS
  • 2021-09-05 – 21.8 million RPS

What to do in such a situation?

Blacklist still exists, therefore those attacks are not spoofed, hence, the victim sees the attack origin just the way it is. To not disturb the possible end-user and thwart the attack, blocking would be sufficient.

Nobody knows how the owners of the Meris botnet would act in the future. But, there is a fair probability that they could be taking advantage of the compromise devices by making the hundred percent of their capacity.

In such cases, the only way other than blocking every request is to prevent the answering of the pipelined requests. Although, pipelining could be turned into a disaster if there is no DDoS attack mitigation at the targeted server.

The threat actors need less workforce to fill the RPS threshold for the victim and it turns out that many were not ready for such a situation.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score of…

1 hour ago

IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux, and…

2 hours ago

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security Features…

2 hours ago

Seamless AI Communication: Microsoft Azure Adopts Google’s A2A Protocol

Microsoft has announced its support for the Agent2Agent (A2A) protocol, an open standard developed in…

2 hours ago

Radware Cloud Web App Firewall Flaw Allows Attackers to Bypass Security Filters

Security researchers have uncovered two critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that…

2 hours ago

ESET Reveals How to Spot Fake Calls Demanding Payment for ‘Missed Jury Duty’

ESET, a leading cybersecurity firm, has shed light on one particularly insidious scheme: fake calls…

2 hours ago