Mēris Botnet Goes Global

The Russian Internet giant Yandex has been the target of a record-breaking Distributed Denial-of-Service (DDoS) attack known as Mēris. The botnet is believed to have attacked the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second. 

The Mēris  botnet, which has been seen since June 2021 is made up of around 250K malware-infected devices and is behind some of the largest recent DDoS attacks.

For the last five years, there have virtually been almost no global-scale application-layer attacks and during this period and cyber security professionals have learned how to cope with the high bandwidth network layer attacks, including amplification-based ones. 

Mēris, (the Latvian word for “plague”)  has been primarily used as part of a DDoS extortion campaign against Internet service providers and financial entities across several countries, such as UK, US, New Zealand and now Russia. What has been confirmed about the Mēris botnet is that it uses HTTP pipeline technology for DDoS attacks. Researchers have linked Mēris to a DDoS attack in August tracked by Cloudflare

The group behind the botnet typically sends menacing emails to large companies asking for a ransom payment. The emails, which target companies with extensive online infrastructure and which can’t afford any downtime, contain threats to take down crucial servers if the group is not paid a certain amount of crypto-currency by a deadline.

If victims don’t pay, the hackers unleash their botnet in smaller attacks at the beginning that substantially grow in size with time in order to put pressure on the victims.

The biggest contributor to the IoT botnet problem is the plethora of companies white-labelling IoT devices that were never designed with security in mind and are often shipped to the customer in default-insecure states, mainly because these devices tend to be far cheaper than more secure alternatives. There is a suggestion that the botnet could grow in force through password brute-forcing, which looks like some vulnerability that was either kept secret before the current massive campaign began or sold on the black market.

The Record:    Gigazine:     Brian Krebs:      Qrator:         Threatpost:         Mikrotik:      Hacker News

You Might Also Read: 

French Cyber-Police, Avast & FBI Neutralise Global Botnet

 

« Ransomware: One Percent Makes A Big Impact
Secure Network Access For The Modern Distributed Workforce »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Skybox Security

Skybox Security

Skybox combines firewall and network device data with vulnerability and threat intelligence, putting security decisions in your unique network context.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

Snyk

Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

Startups.be

Startups.be

Startups.be helps tech entrepreneurs to be successful by providing quality access to service providers, business partners, customers and investors.

AppGate

AppGate

AppGate brings together a set of differentiated cloud- and hybrid-ready security and analytics products and services.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

Bowhead Cybersecurity Solutions and Services (BCSS)

Bowhead Cybersecurity Solutions and Services (BCSS)

Bowhead Cybersecurity Solutions and Services provides high-end technical and professional services with an emphasis on providing Cyber Solutions.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.