Mēris Botnet Goes Global

The Russian Internet giant Yandex has been the target of a record-breaking Distributed Denial-of-Service (DDoS) attack known as Mēris. The botnet is believed to have attacked the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second. 

The Mēris botnet, which has been seen since June 2021, is made up of around 250K malware-infected devices and is behind some of the largest recent DDoS attacks.

For the last five years, there have been virtually no global-scale application-layer attacks, and during this period cyber security professionals have learned how to cope with high-bandwidth network-layer attacks, including amplification-based ones.

Mēris (the Latvian word for “plague”) has been primarily used as part of a DDoS extortion campaign against Internet service providers and financial entities across several countries, such as the UK, the US, New Zealand and now Russia. What has been confirmed about the Mēris botnet is that it uses HTTP pipelining for DDoS attacks. Researchers have linked Mēris to a DDoS attack in August tracked by Cloudflare.

The group behind the botnet typically sends menacing emails to large companies asking for a ransom payment. The emails, which target companies with extensive online infrastructure and which can’t afford any downtime, contain threats to take down crucial servers if the group is not paid a certain amount of crypto-currency by a deadline.

If victims don’t pay, the hackers unleash their botnet, starting with smaller attacks that grow substantially in size over time in order to put pressure on the victims.

The biggest contributor to the IoT botnet problem is the plethora of companies white-labelling IoT devices that were never designed with security in mind and are often shipped to the customer in default-insecure states, mainly because these devices tend to be far cheaper than more secure alternatives. There is a suggestion that the botnet could grow in force through password brute-forcing, which looks like some vulnerability that was either kept secret before the current massive campaign began or sold on the black market.

Sources: The Record, Gigazine, Brian Krebs, Qrator, Threatpost, Mikrotik, Hacker News
