This is the most powerful botnet ever seen

Web security experts Cloudflare have recently spotted a new botnet which it claims is probably the most powerful ever seen. 

Dubbed Mantis, the firm is claiming it evolved from a previously-known botnet – Meris. There are a few things that make Mantis exceptional, according to the researchers. First – it has fewer bots in its network, compared to its counterparts – around 5,000, but it is capable of launching excruciatingly powerful attacks. 

The biggest Distributed Denial of Service (DDoS) attack on record is 26 million generated requests per second (rps), which Cloudflare says it successfully mitigated. To make things even more impressive – the requests were not done via HTTP, but rather HTTPS – a more expensive type of attacks, given that this type of attack needs extra computing power to establish a secure TLS connection. 

Hijacking servers and VMs

“That’s an average of 5,200 HTTPS rps per bot,” explained Cloudflare product manager Omer Yoachimik. “Generating 26 million HTTP requests is hard enough to do without the extra overhead of establishing a secure connection, but Mantis did it over HTTPS.” 

Mantis is able to do this as it doesn’t hijack low-power devices, such as DVRs, or cameras, but rather powerful endpoints – servers, or virtual machines. 

The botnet is also capable of attacking at scale – in the first month of Cloudflare keeping an eye on Mantis, it managed to launch more than 3,000 HTTP DDoS attacks against its customers.

Most of the time, the operators go for internet and telecommunications companies (36%), media and publishing firms (15%), and gaming and finance organizations (12%). The victims are usually located in the United States (20%), although Russian-based firms are also a major target (15%), followed by those in Turkey, France, Poland, Ukraine, the UK, Canada, and China.

Distributed Denial of Service attacks are often used as a distraction, while threat actors conduct more devastating attacks, such as ransomware, or data exfiltration.

Via: The Register