Mēris Botnet Goes Global

Uploaded on 2021-09-13 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

The Russian Internet giant Yandex has been the target of a record-breaking Distributed Denial-of-Service (DDoS) attack known as Mēris. The botnet is believed to have attacked the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second. 

The Mēris  botnet, which has been seen since June 2021 is made up of around 250K malware-infected devices and is behind some of the largest recent DDoS attacks.

For the last five years, there have virtually been almost no global-scale application-layer attacks and during this period and cyber security professionals have learned how to cope with the high bandwidth network layer attacks, including amplification-based ones. 

Mēris, (the Latvian word for “plague”)  has been primarily used as part of a DDoS extortion campaign against Internet service providers and financial entities across several countries, such as UK, US, New Zealand and now Russia. What has been confirmed about the Mēris botnet is that it uses HTTP pipeline technology for DDoS attacks. Researchers have linked Mēris to a DDoS attack in August tracked by Cloudflare

The group behind the botnet typically sends menacing emails to large companies asking for a ransom payment. The emails, which target companies with extensive online infrastructure and which can’t afford any downtime, contain threats to take down crucial servers if the group is not paid a certain amount of crypto-currency by a deadline.

If victims don’t pay, the hackers unleash their botnet in smaller attacks at the beginning that substantially grow in size with time in order to put pressure on the victims.

The biggest contributor to the IoT botnet problem is the plethora of companies white-labelling IoT devices that were never designed with security in mind and are often shipped to the customer in default-insecure states, mainly because these devices tend to be far cheaper than more secure alternatives. There is a suggestion that the botnet could grow in force through password brute-forcing, which looks like some vulnerability that was either kept secret before the current massive campaign began or sold on the black market.

The Record:    Gigazine:     Brian Krebs:      Qrator:         Threatpost:         Mikrotik:      Hacker News

You Might Also Read: 

French Cyber-Police, Avast & FBI Neutralise Global Botnet

 

« Ransomware: One Percent Makes A Big Impact
Secure Network Access For The Modern Distributed Workforce »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Device Authority

Device Authority

Device Authority specialises in security automation for the Internet of Things (IoT).

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

National Digital Exploitation Centre (NDEC) - United Kingdom

National Digital Exploitation Centre (NDEC) - United Kingdom

NDEC is a project to create a centre of cyber and digital development and education for the UK. It will offer training in digital practices, cyber security and research.

Featurespace

Featurespace

Featurespace is a world-leader in Adaptive Behavioural Analytics and creator of the ARIC™ platform for fraud and risk management.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Pentera Security

Pentera Security

Pentera (formerly Pcysys) is focused on the inside threat. Our automated penetration-testing platform mimics the hacker's attack - automating the discovery of vulnerabilities.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

YesWeHack

YesWeHack

YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered) to identify and report vulnerabilities in their systems.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Green House Data

Green House Data

Green House Data is a managed services provider delivering hybrid solutions to enterprises who need secure IT environments and efficient management of their critical applications and business data.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Ross & Baruzzini

Ross & Baruzzini

Ross & Baruzzini delivers integrated technology, consulting, and engineering solutions for safe, sustainable, and resilient facilities.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.