Meris: new DDoS botnet breaks records & terrorizes the internet

A new botnet of about 250,000 infected devices is behind some of the biggest DDoS attacks of the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and again this month.

The botnet is called Mēris, the Latvian word for "plague", and is used mainly for DDoS extortion against internet service providers and financial companies in various countries, such as Russia, the UK, the USA and New Zealand.


The group behind the botnet usually sends threatening emails to large companies and demands the payment of a ransom. The emails target companies with extensive online infrastructure and threaten downtime for important servers unless an amount of digital currency is paid by a certain deadline.

If victims do not pay, the hackers unleash their botnet, starting with smaller attacks that later increase significantly in size in order to exert greater pressure.

Qrator Labs, a Russian DDoS mitigation service, described Meris as "a new botnet" after a series of attacks against Russian companies.

"In the last two weeks, we have seen devastating attacks towards New Zealand, the United States and Russia, which we attribute to this botnet", the company's researchers say.

"Meris can overwhelm almost any infrastructure, including some very robust networks. All of this is due to the enormous RPS power it has", the company continues, where RPS stands for requests per second, one of the two ways of measuring the size of DDoS attacks (the other is Gbps, gigabytes per second).

The reason Qrator Labs calls Meris unique is that, before this summer, RPS-based DDoS attacks were very rare and had not occurred on this scale in the last five years.

Most botnets are usually configured to send as much junk traffic as possible to a target in classic "bandwidth attacks", which are measured in Gbps.

RPS attacks, called volumetric or application-layer DDoS attacks, are different because the attackers focus on sending requests to the target server to overwhelm its CPU and memory.

Instead of saturating bandwidth with unwanted traffic, volumetric attacks focus on tying up server resources and eventually crashing the servers.
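To make the difference between the two metrics concrete from a defender's side, the following added example (not part of the original article) measures both requests per second and bits per second over a small access log. The log format, addresses and thresholds are constructed assumptions; the point is that an RPS attack spread over many sources can look small in bandwidth and stay under a per-source rate limit while the aggregate request rate is far above normal.

```python
from collections import Counter, defaultdict

def make_sample_log():
    """Constructed sample: (epoch_second, source_ip, request_bytes)."""
    log = []
    # Seconds 0-4: normal traffic, 20 requests/s from 10 clients.
    for sec in range(5):
        for i in range(20):
            log.append((sec, f"198.51.100.{i % 10}", 600))
    # Seconds 5-9: flood, 5000 sources each sending 2 small requests/s.
    for sec in range(5, 10):
        for i in range(5000):
            ip = f"10.{i // 250}.{i % 250}.1"
            log.extend([(sec, ip, 400), (sec, ip, 400)])
    return log

def summarize(log):
    """Per-second totals: requests, bits, and the busiest single source."""
    reqs, bits = Counter(), Counter()
    per_src = defaultdict(Counter)
    for sec, ip, nbytes in log:
        reqs[sec] += 1
        bits[sec] += nbytes * 8
        per_src[sec][ip] += 1
    return {sec: {"rps": reqs[sec], "bps": bits[sec],
                  "sources": len(per_src[sec]),
                  "max_per_source": max(per_src[sec].values())}
            for sec in sorted(reqs)}

def classify(stats, rps_limit=1000, bps_limit=1_000_000_000, per_source_limit=10):
    """Label each second. Thresholds are illustrative assumptions."""
    labels = {}
    for sec, s in stats.items():
        if s["bps"] >= bps_limit:
            labels[sec] = "bandwidth"
        elif s["rps"] >= rps_limit:
            # High request rate, low bit rate: application-layer flood.
            # Record whether a per-source rate limit alone would miss it.
            evades = s["max_per_source"] <= per_source_limit
            labels[sec] = "request-flood (distributed)" if evades else "request-flood"
        else:
            labels[sec] = "normal"
    return labels

if __name__ == "__main__":
    stats = summarize(make_sample_log())
    for sec, label in classify(stats).items():
        print(sec, stats[sec], label)
```

In the constructed flood seconds the request rate is 500 times the baseline while the bit rate stays at 32 Mbps, so only a monitor that tracks aggregate RPS flags it.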

"In the last five years, there have been virtually no application-layer attacks on a global scale", Qrator says.

Things changed this summer with the arrival of Meris, which is based on a modified version of the old Mirai DDoS software, according to internet infrastructure company Cloudflare, which also had to deal with some of its attacks.

But instead of focusing on bandwidth attacks, like most Mirai variants, Meris focuses on volumetric attacks, obviously because its operators find them more efficient.

Meris broke the record for the largest volumetric DDoS attack twice. It did so for the first time earlier this summer, in June, when a DDoS attack of 17.2 million RPS hit a US financial company, according to Cloudflare, which had the nasty task of mitigating the attack.

Today, Qrator Labs reported that Meris outdid itself again during an attack this Sunday, September 5, which reached 21.8 million RPS.

Qrator said it had partnered with Yandex to mitigate the attack, which apparently hit Yandex servers. The target of the attack, however, was a Russian bank that maintained its e-banking portal on the Yandex cloud service.

Qrator also said that, after analyzing the source of most of the attack, the traffic appears to be coming from devices made by MikroTik, a small Latvian company that sells networking equipment such as routers, IoT gateways, WiFi access points, switches and mobile network equipment.


Written by giorgos
