Wednesday, October 4, 2023

Meris Botnet Attacked Russia’s Yandex With 22 Million RPS

The Russian internet company Yandex has been the target of a distributed denial-of-service (DDoS) attack by a new botnet known as Meris, which set a new world record for DDoS attacks.

In a recent botnet-powered attack that came to light last month, an unnamed Cloudflare customer in the financial industry was bombarded with 17.2 million requests per second (RPS). This attack is believed to have pummelled the company’s web infrastructure with millions of HTTP requests before reaching a peak of 21.8 million requests per second (RPS).

Meris, which is Latvian for “Plague,” is a “botnet of a novel sort,” according to Russian DDoS mitigation firm Qrator Labs, which revealed the specifics of the attack on Thursday.

“Password brute-forcing may also expand the botnet’s size, but we believe this is unlikely at this time.” As a result of the massive RPS power that Meris possesses, “it is capable of overwhelming almost any infrastructure, including some of the most highly resilient networks,” according to the researchers, who also noted that the vulnerability was either kept secret before the massive campaign began or sold on the black market before it was discovered.

HTTP Pipelining

Attackers used a method known as HTTP pipelining, which allows a client (in this case, a web browser) to establish a connection with the server and send numerous requests without having to wait for each answer one after the other. The malicious traffic originated from over 250,000 infected hosts, mostly Mikrotik network devices, with evidence pointing to a spectrum of RouterOS versions that had been weaponized by exploiting as-of-yet unknown vulnerabilities.

These assaults are utilizing the same set of routers that were hacked in 2018 because of a vulnerability (CVE-2018-14847, CVSS score: 9.1) that has since been patched, and there are no new (zero-day) vulnerabilities affecting the devices at the time of writing.

If your password was compromised in 2018, an update will not be sufficient. Aside from changing passwords and checking to see if your firewall allows remote access to unknown parties, you should also examine your computer for scripts that you did not write, it was noted.

Meris has also been connected to a number of distributed denial-of-service (DDoS) assaults, including one that was mitigated by Cloudflare, which noted the overlaps in “durations and dispersion across nations” between the attacks.

While it is strongly suggested that businesses upgrade their MikroTik devices to the most recent firmware in order to prevent any possible botnet attacks, it is also recommended that they change their administrative passwords to protect themselves against brute-force assaults.

