Technical details tied to a record-breaking distributed-denial-of-service (DDoS) attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests for webpages at the same time. This DDoS technique is called HTTP pipelining, where a browser requests a connection to a server and, without waiting for a response, sends multiple more requests. Those requests reportedly originated from networking gear made by MikroTik. Attackers, according to Qrator Labs, exploited a 2018 bug unpatched in more than 56,000 MikroTik hosts involved in the DDoS attack.

According to Qrator, the Mēris botnet delivered the largest attack against Yandex it has ever spotted (by traffic volume) – peaking at 21.8 million requests per second (RPS). By comparison, infrastructure and website security firm Cloudflare reported that the “largest ever” DDoS attack occurred on August 19, with 17.2 million RPS.

Researchers have linked Mēris to the August 19 DDoS attack tracked by Cloudflare. The Yandex attacks occurred between August 29 and September 5 – when the 21.8 million RPS attack occurred. Both are believed to be smaller precursor attacks by threat actors behind the Mēris botnet, which have yet to utilize the enormous firepower.

“Yandex’ security team members managed to establish a clear view of the botnet’s internal structure. L2TP tunnels are used for internetwork communications. The number of infected devices, according to the botnet internals we’ve seen, reaches 250,000,” wrote Qrator in a Thursday blog post.

L2TP is a protocol used to manage virtual private networks and deliver internet services. Tunneling facilitates the transfer of data between two private networks across the public internet.

Yandex and Qrator launched an investigation into the attack and believe Mēris to be highly sophisticated. “Moreover, all those highly capable devices, not your typical IoT blinker connected to Wi-Fi – here we speak of a botnet consisting of, with the highest probability, devices connected through the Ethernet connection – network devices, primarily,” researchers wrote.

The technical attack specifics include the exploitation of a 2018 vulnerability, tracked as CVE-2018-14847.