Yandex and Qrator Labs researchers have been tracking a botnet they call “Mēris” (which means plague in Latvian), and the attack it is driving may be the biggest DDoS attack ever. The ongoing attack was also confirmed by US company Cloudflare and is believed to have peaked at 21.8 million requests per second. As Russian internet giant Yandex made headlines with an ongoing record-breaking DDoS attack, Qrator says other countries have witnessed similar attacks from the same source in recent weeks.
Although the initial botnet army was thought to be between 30 and 50,000 devices, they now estimate that a collection of over 200,000 devices is involved in a rotating attack matrix, where not all devices attack at the same time. Although some call it the old Mirai botnet, Qrator says they don’t think so, as Mirai was a collection of many different devices and this latest attack appears to come from devices made by a single manufacturer, Mikrotik. Excerpts:
We don’t know precisely what particular vulnerabilities lead to the situation where Mikrotik devices are compromised on such a large scale.
It is also clear that this particular botnet continues to grow. There is a suggestion that the botnet could grow through password brute-forcing, although we tend to overlook this as a slight possibility.
Over the past two weeks, we have seen devastating attacks on New Zealand, the United States and Russia, which we all attribute to this species of botnet. Now, it can overwhelm almost any infrastructure, including some very robust networks. This is all due to the enormous RPS power it brings.