New “Plague” DDoS Attack Hits Internet Giant Yandex

By   ISBuzz Team
Writer , Information Security Buzz | Sep 13, 2021 02:06 am PST


Researchers at Yandex & Qrator Labs have been tracking what they are calling the “Mēris” botnet (meaning Plague in Latvian) and it may be the largest DDoS attack ever. The ongoing attack was also confirmed by the US company Cloudflare, and was said to have peaked at the rate of 21.8 million requests per second. While the Russian Internet giant Yandex has been the headline for an ongoing record DDoS attack, Qrator says other countries have seen similar attacks from this same source these past few weeks.

Although the initial botnet army was thought to be in the 30 – 50,000 device range, they now estimate a collection of more than 200,000 devices to be involved in a rotating attack matrix, where not all of the devices attack at one time. Though referred to by some as the old Mirai botnet, Qrator says they think not, as Mirai was a grouping of many differing devices and this latest attack seems to all be from just one manufacturer, Mikrotik.  Excerpts:

We do not know precisely what particular vulnerabilities lead to the situation where Mikrotik devices are being compromised on such a large scale

It is also clear that this particular botnet is still growing. There is a suggestion that the botnet could grow in force through password brute-forcing, although we tend to neglect that as a slight possibility.

In the last couple of weeks, we have seen devastating attacks towards New Zealand, United States and Russia, which we all attribute to this botnet species. Now it can overwhelm almost any infrastructure, including some highly robust networks. All this is due to the enormous RPS power that it brings along.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
September 13, 2021 10:08 am

<p>DDOS remains an unsophisticated but popular way of preventing access to select Web destinations. Companies that are vulnerable to DDOS attacks can counter them through measures like maintaining alternative DNS locations and detecting attacks early so they can be mitigated. Using risk analysis tools can enable organizations to identify such attacks immediately and counter them before they completely close down the web presence.</p>

Last edited 2 years ago by Saryu Nayyar

Recent Posts

Would love your thoughts, please comment.x