By Shannon Morse, ThreatWire

A huge distributed denial-of-service attack has been hitting the Russian company Yandex for the last several weeks, breaking records, with no end in sight. According to reports, the botnet behind it is called Meris, and it is being used to flood Yandex with HTTP requests using a technique called HTTP pipelining. In this DDoS technique the attacking host opens a connection to the server and, before the server has sent any response, pushes a large batch of additional requests down that same connection.

The requests originate from MikroTik gear exploited through a 2018 bug that remains unpatched on more than 56,000 MikroTik devices. The vulnerability, tracked as CVE-2018-14847, allows remote code execution on those devices, including consumer routers. A patch is available, but only about 30% of vulnerable devices have actually been patched, so another 200,000 or so remain vulnerable. Hosts in this botnet had port 2000 and port 5678 open.

By traffic volume, Qrator Labs tracked 21.8 million requests per second hitting Yandex between August 29 and September 5, and Cloudflare tracked 17.2 million requests per second on August 19; both attacks stemmed from Meris. Cloudflare and Qrator both believe these were smaller instances and that the botnet could be used for much more.

The researchers recommend patching the vulnerable devices being used in the Meris botnet, as well as blacklisting offending sources and blocking the consecutive requests that characterize an HTTP pipelining attack. Users can also change their passwords, check their firewalls to ensure they don't allow remote access by unknown third parties, and look for scripts they did not create.
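As an added example (not from the article, Qrator Labs or Cloudflare), the check below looks at the bytes a server read from one client connection before it wrote its first response and counts how many complete HTTP requests were queued up, which is the "many requests before any reply" pattern described above. The threshold, the sample streams and the host name are all constructed for illustration.

```python
import re

# Constructed sample: a client that pipelines a dozen requests on one
# connection before reading any response (the pattern the article describes).
PIPELINED_STREAM = b"".join(
    b"GET /search?text=%d HTTP/1.1\r\nHost: example.test\r\n\r\n" % i
    for i in range(12)
)

# Constructed sample: a normal client that sends one request and waits.
NORMAL_STREAM = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

# Request line of an HTTP/1.x request: METHOD SP target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")


def count_pipelined_requests(client_bytes: bytes) -> int:
    """Count complete HTTP/1.x requests that arrived back-to-back.

    Only bodiless requests (no Content-Length / Transfer-Encoding) are
    split apart, which matches the GET floods the article describes; a
    request that carries a body is counted once and ends the scan so a
    body is never mistaken for another request.
    """
    count = 0
    pos = 0
    while True:
        end = client_bytes.find(b"\r\n\r\n", pos)
        if end == -1:
            break                      # no further complete header block
        head = client_bytes[pos:end + 4]
        if not REQUEST_LINE.match(head):
            break                      # not an HTTP request; stop counting
        count += 1
        lower = head.lower()
        if b"content-length:" in lower or b"transfer-encoding:" in lower:
            break                      # body follows; do not try to split it
        pos = end + 4
    return count


def is_pipeline_flood(client_bytes: bytes, threshold: int = 8) -> bool:
    """Flag a connection that queued more than `threshold` requests before
    the server answered. The threshold is an assumed tuning value; ordinary
    browsers rarely pipeline at all, so a low value is reasonable."""
    return count_pipelined_requests(client_bytes) > threshold


if __name__ == "__main__":
    for name, stream in (("pipelined", PIPELINED_STREAM), ("normal", NORMAL_STREAM)):
        print(name, count_pipelined_requests(stream), is_pipeline_flood(stream))
```

A connection flagged this way is a candidate for the blocking or blacklisting the researchers recommend; the count alone does not prove malice, so pair it with per-source rate data before acting.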

So far, the attacks have been mitigated, but we can expect this botnet to grow by the day. Qrator Labs has more technical details available on their blog.

Record-Breaking Botnet
https://www.bleepingcomputer.com/news/security/new-m-ris-botnet-breaks-ddos-record-with-218-million-rps-attack/
https://www.bleepingcomputer.com/news/security/mikrotik-patches-zero-day-flaw-under-attack-in-record-time/
https://thehackernews.com/2021/09/meris-botnet-hit-russias-yandex-with.html
https://www.reuters.com/technology/russias-yandex-says-it-repelled-biggest-ddos-attack-history-2021-09-09/
https://threatpost.com/yandex-meris-botnet/169368/
https://blog.qrator.net/en/meris-botnet-climbing-to-the-record_142/
