Yandex named the source of the largest DDoS attack in the history of Runet

by time news

The source of the largest DDoS attack in the history of the Russian segment of the Internet is the new botnet Mēris (“plague” in Latvian). This was reported in the Yandex blog on the Habr portal.

“Our specialists really managed to repel a record attack of more than 20 million RPS – this is the largest known attack in the entire history of the Internet. We chose [the name for this botnet] Mēris, which means ‘plague’ in Latvian,” the company said. They noted that they collected data on 56,000 attacking devices, but they assume that “the true number is much higher – probably more than 200,000 devices.”

“The full power of the botnet is not visible due to the rotation of devices and the attackers’ lack of desire to show all the available power. Moreover, the devices on the botnet are high-performance devices, not typical IoT devices connected to a Wi-Fi network. Most likely, the botnet consists of devices connected via an Ethernet connection – mostly network devices,” Yandex believes. They noted that they recorded signs of the attack emerging in June this year, and confirmed that devices manufactured by the Latvian company MikroTik were infected and used to create the botnet.

“At the time of publication of this article, we do not know exactly what vulnerabilities lead to MikroTik devices being subjected to such a large-scale seizure,” added Yandex. The company noted that users of MikroTik devices have noticed hacking attempts on older versions of the Latvian operating system RouterOS since 2017; however, data from Yandex and Qrator Labs indicate that more modern versions were used this time.

“In the botnet, we see many versions of RouterOS from the last three years – up to the latest stable one. The largest share falls on the penultimate version. The botnet continues to grow,” Yandex reported.

A botnet is a network of computers infected with malware. It allows its operator to monitor thousands of computers and thus manage them remotely. Botnets are used to carry out DDoS attacks and spread spam.

A Vedomosti source reported on September 7 that Yandex was subjected to the largest DDoS attack in the history of Runet. The record scale of the cyberattack was confirmed by the American company Cloudflare, which specializes in repelling cyberattacks and cooperates with Yandex.
