Mēris Botnet Goes Global

Uploaded on 2021-09-13 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

The Russian Internet giant Yandex has been the target of a record-breaking Distributed Denial-of-Service (DDoS) attack known as Mēris. The botnet is believed to have attacked the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second. 

The Mēris  botnet, which has been seen since June 2021 is made up of around 250K malware-infected devices and is behind some of the largest recent DDoS attacks.

For the last five years, there have virtually been almost no global-scale application-layer attacks and during this period and cyber security professionals have learned how to cope with the high bandwidth network layer attacks, including amplification-based ones. 

Mēris, (the Latvian word for “plague”)  has been primarily used as part of a DDoS extortion campaign against Internet service providers and financial entities across several countries, such as UK, US, New Zealand and now Russia. What has been confirmed about the Mēris botnet is that it uses HTTP pipeline technology for DDoS attacks. Researchers have linked Mēris to a DDoS attack in August tracked by Cloudflare

The group behind the botnet typically sends menacing emails to large companies asking for a ransom payment. The emails, which target companies with extensive online infrastructure and which can’t afford any downtime, contain threats to take down crucial servers if the group is not paid a certain amount of crypto-currency by a deadline.

If victims don’t pay, the hackers unleash their botnet in smaller attacks at the beginning that substantially grow in size with time in order to put pressure on the victims.

The biggest contributor to the IoT botnet problem is the plethora of companies white-labelling IoT devices that were never designed with security in mind and are often shipped to the customer in default-insecure states, mainly because these devices tend to be far cheaper than more secure alternatives. There is a suggestion that the botnet could grow in force through password brute-forcing, which looks like some vulnerability that was either kept secret before the current massive campaign began or sold on the black market.

The Record:    Gigazine:     Brian Krebs:      Qrator:         Threatpost:         Mikrotik:      Hacker News

You Might Also Read: 

French Cyber-Police, Avast & FBI Neutralise Global Botnet

 

« Ransomware: One Percent Makes A Big Impact
Secure Network Access For The Modern Distributed Workforce »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cristie Data

Cristie Data

Cristie have been a trusted, innovative and leading edge data storage, backup and virtualisation solutions provider across all sectors of industry for over 40 years.

CERT.br

CERT.br

The Brazilian national Computer Emergency Response Team

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

PRODAFT

PRODAFT

PRODAFT, Proactive Defense Against Future Threats, is a cyber security and cyber intelligence company providing solutions to commercial customers and government institutions.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

RNTrust

RNTrust

RNTrust provide solutions to meet today’s digital challenges utilizing digital technologies and services to make you more secured in digitally connected environment.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Prembly

Prembly

Prembly are a compliance and security infrastructure company.

CyberTest

CyberTest

CyberTest offers cybersecurity consulting and penetration testing services that helps organizations and businesses securing their assets.

Star Lab

Star Lab

Star Lab specializes in the development and productization of embedded security technologies.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.