BACKGROUND:
Researchers at Yandex & Qrator Labs have been tracking what they are calling the “Mēris” botnet (meaning Plague in Latvian) and it may be the largest DDoS attack ever. The ongoing attack was also confirmed by the US company Cloudflare, and was said to have peaked at the rate of 21.8 million requests per second. While the Russian Internet giant Yandex has been the headline for an ongoing record DDoS attack, Qrator says other countries have seen similar attacks from this same source these past few weeks.
Although the initial botnet army was thought to be in the 30 – 50,000 device range, they now estimate a collection of more than 200,000 devices to be involved in a rotating attack matrix, where not all of the devices attack at one time. Though referred to by some as the old Mirai botnet, Qrator says they think not, as Mirai was a grouping of many differing devices and this latest attack seems to all be from just one manufacturer, Mikrotik. Excerpts:
We do not know precisely what particular vulnerabilities lead to the situation where Mikrotik devices are being compromised on such a large scale
It is also clear that this particular botnet is still growing. There is a suggestion that the botnet could grow in force through password brute-forcing, although we tend to neglect that as a slight possibility.
In the last couple of weeks, we have seen devastating attacks towards New Zealand, United States and Russia, which we all attribute to this botnet species. Now it can overwhelm almost any infrastructure, including some highly robust networks. All this is due to the enormous RPS power that it brings along.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.