A high-ranking source at Yandex told Vedomosti that the largest DDoS attack in the history of the Russian Internet was carried out on the company’s servers last weekend. The record scale of the cyberattack was confirmed by the American company Cloudflare, which specializes in repelling cyberattacks and cooperates with Yandex.
Another source at Yandex confirmed this information, noting that the company had difficulty containing the DDoS attack and that it is continuing this week. Vedomosti's sources did not disclose the specifics of the cyberattack, citing an internal audit.
“We are conducting an investigation together with the contractors,” explained Vedomosti's source at the company. “We are talking about a threat to the infrastructure on a national scale.” He could not say whether Yandex representatives had filed a complaint with the police or the FSB.
A Yandex spokesman confirmed the information about the attack. “Yandex did indeed undergo a DDoS attack, which was repelled by our network infrastructure and system for filtering unwanted requests. The attack did not affect the operation of the services, and user data was not affected,” the company told Vedomosti without providing additional details.
Vedomosti sent inquiries to Cloudflare, the Ministry of Internal Affairs, the FSB of Russia and Roskomnadzor; at the time the issue went to press, no replies had been received.
In August and September 2021, there has been an increase in the number of DDoS attacks on companies from various sectors of the economy, from small businesses to the largest corporations, Alexander Lyamin, CEO of Qrator Labs, a company specializing in information infrastructure protection, told Vedomosti.
“The customers of these attacks are different, but the perpetrator, apparently, is the same, and he operates a botnet that has recently appeared in the industry,” says Lyamin. “Some industry players have already announced that the Mirai botnet, which made a splash five years ago and was built on the basis of video cameras, has returned to us. Having devoted the last few weeks to studying the new botnet, we can say that a completely new botnet has appeared and it is built on the network equipment of a very popular vendor from the Baltic States. It spreads through a vulnerability in firmware and already numbers up to hundreds of thousands of infected devices.”
Another expert in the field of information security said that the equipment in question is routers made by the Latvian company MikroTik: this manufacturer's equipment could be used to organize a new botnet.
A MikroTik spokesman told Vedomosti that a vulnerability was previously discovered in the company's own operating system, RouterOS, but it was fixed in 2018.
“Many devices are still running old software, but it is difficult to warn every user on the planet about this,” said a MikroTik spokesman.
As reported in the MikroTik blog, in April 2018 the company discovered a vulnerability that allowed a special tool to be used to query the system user database file.
“We are not aware of any new vulnerabilities, since the mentioned one was fixed, RouterOS is being carefully studied by independent audit companies,” a MikroTik spokesman said.
The use of vulnerable devices is a common way of organizing DDoS attacks, a source at a large Internet company told Vedomosti: “Some services could have suffered. Large DDoS attacks lead to the fact that large Internet services can degrade.”
In recent days, several massive DDoS attacks on Russian companies have been reported.
On September 1, Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov reported that last week (from 23 to 29 August – Vedomosti) Sberbank successfully repelled the most powerful DDoS attack on the financial sector: “for one second of our services, but the power of the attack allows us to conclude that, without the protection we have, other organizations could definitely, unfortunately, stop their work.”
On September 3, Kommersant reported a malfunction in the Vkontakte social network. According to Downdetector, complaints about problems with access to the social network began on the evening of September 2, when the site would not open for the majority of users.
Also on September 2, according to Downdetector, users complained about failures when accessing the Yandex website and the service’s mail.
Representatives of Vkontakte and Mail.ru Group did not respond to requests from Vedomosti.
Qrator Labs is observing the activity of the new botnet not only in Russia, but also in Europe, the USA, India, the Middle East, the APAC region and Latin America, Lyamin notes: “the whole world, and the damage from them has already reached the level of billions of rubles.”
In terms of the number of requests per second, this botnet sets absolute records, reaching amazing speeds of tens of millions of requests per second, which exceeds the speed of ordinary attacks of past years by two orders of magnitude, Lyamin notes: “Not all DDoS protection solutions on the market can cope [with the attack].”
The main target of DDoS attacks in Russia is entertainment companies (40.76% of incidents, according to Statist for 2020). They are followed by telecommunications companies (29.27%), online retail (11.94%), construction (6%), financial (4.56%), educational (3.61%) and service organizations (2.68%).