Meris: new DDoS botnet breaks records & terrorizes the internet

A new botnet consisting of around 250,000 infected devices is behind some of the largest DDoS attacks carried out over the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and again this month.

The botnet is called Mēris, the Latvian word for "plague", and is mainly used for DDoS extortion against internet service providers and financial companies in various countries, such as Russia, the United Kingdom, the United States and New Zealand.

The group behind the botnet usually sends threatening emails to large companies and demands the payment of a ransom. The emails target companies with extensive online infrastructure and threaten downtime of important servers unless the victim pays an amount of digital currency by a certain deadline.

If the victims do not pay, the hackers turn their botnet on them, starting with smaller attacks that increase significantly in size later in order to exert more pressure.

Qrator Labs, a Russian DDoS mitigation service, described Meris as "a new botnet", after a series of attacks against Russian companies.

"In the last two weeks, we have seen devastating attacks on New Zealand, the United States and Russia, which we attribute to this botnet," said the company's researchers.

"Meris can flood almost any infrastructure, including some very powerful networks. All of this is due to the enormous RPS power it has."

The reason Qrator Labs calls Meris unique is that, before this summer, DDoS attacks measured in RPS (requests per second) were very rare and had not occurred on this scale in the last five years.

Most botnets are usually configured to send as much junk traffic as possible to a target in classic "bandwidth attacks", which are measured in Gbps.

RPS attacks, called volumetric or application-layer DDoS attacks, are different because the attackers focus on sending requests to the target server to overwhelm its CPU and memory.

Instead of saturating bandwidth with unwanted traffic, volumetric attacks focus on exhausting server resources and eventually crashing the servers.

"In the last five years, there have been virtually no application-layer attacks on a global scale," says Qrator.

Things changed this summer with the introduction of Meris, which is based on a modified version of the old Mirai DDoS software, according to internet infrastructure company Cloudflare, which also had to deal with some of its attacks.

But instead of focusing on bandwidth attacks, like most Mirai variants, Meris focuses on volumetric attacks, obviously because its operators find them more efficient.

Meris broke the record for the largest volumetric DDoS attack twice. It did so for the first time earlier this summer, in June, when a DDoS attack of 17.2 million RPS hit a US financial company, according to Cloudflare, which had the nasty task of mitigating the attack.

Today, Qrator Labs reported that Meris has outdone itself again with an attack that took place this Sunday, September 5, which reached 21.8 million RPS.

Qrator said it worked with Yandex to mitigate the attack, which apparently hit Yandex's servers. But the target of the attack was a Russian bank that maintained its e-banking portal on the Yandex cloud service.

Qrator also said that, after analyzing the source of most of the attack traffic, it appears to come from devices made by MikroTik, a small Latvian company that sells networking equipment such as routers, IoT gateways, WiFi access points, switches and mobile network equipment.


Written by giorgos
