Using 250,000 devices, the Meris botnet broke the record for the largest DDoS attack by volume this summer, and it did so twice.
Its most distinctive feature is that it has managed to bring down some of the most robust servers in the countries it is focusing on: the United States, Russia, New Zealand, and the United Kingdom, as well as other European countries, Latin America and the Middle East.
Recall that a DDoS, or distributed denial-of-service, attack is characterized by a group of people or automated agents (in this case bots) attacking a server or computer from many computers at the same time. This massive flow of data exhausts the server's resources, causing it to crash and stop working.
A few days ago, Cloudflare explained how it had managed to mitigate the largest DDoS attack in history, called Mirai. The claim that Meris has broken that record, twice this past summer, as the largest in history comes from research conducted by the Russian search engine Yandex.
A “new kind” of botnet
According to the Russian entity Qrator Labs, a DDoS mitigation service, Meris is a new type of botnet, which makes its activity difficult to stop. Meris “can overwhelm almost any infrastructure, including some highly robust networks. All of this is due to the enormous RPS power that it brings with it.” RPS is the number of requests per second that the botnet is able to generate.
Specifically, on September 5 it was reported that this botnet reached 21.8 million RPS in an attack on Yandex.
What differentiates this from other attacks is that DDoS attacks generally overwhelm their targets through the amount of data sent per second, that is, by saturating the servers until they crash. It is much less common for an attack to focus on the number of requests per second, as is the case with Meris.
For its part, Yandex observed signs of the new botnet at the end of June. As for the devices it uses, the difficulty in calculating the exact figure is “due to the rotation of the devices, since attackers don’t want to show all available capacity.” Furthermore, according to Yandex, the botnet’s devices are high-performance, not typical ‘Internet of Things’ devices connected to a Wi-Fi network. In all likelihood, the botnet is made up of devices connected via an Ethernet connection.
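To illustrate the distinction between data volume and request rate, the following added example (not part of the original article) aggregates constructed log records per second and shows a request flood that a bandwidth threshold alone would miss. The sample records, thresholds and function names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed records: (unix_second, source_ip, request_bytes)."""
    # Second 100: ordinary traffic, a handful of medium-sized requests.
    records = [(100, "198.51.100.%d" % i, 40_000) for i in range(1, 6)]
    # Second 101: 500 tiny requests spread over 250 sources (request-rate flood).
    records += [(101, "203.0.113.%d" % (i % 250 + 1), 300) for i in range(500)]
    # Second 102: a single large transfer (bandwidth spike, low request count).
    records += [(102, "198.51.100.7", 900_000)]
    return records

def per_second_load(records):
    """Aggregate request count, byte count and per-source counts per second."""
    load = defaultdict(lambda: {"requests": 0, "bytes": 0, "per_source": Counter()})
    for ts, src, size in records:
        bucket = load[ts]
        bucket["requests"] += 1
        bucket["bytes"] += size
        bucket["per_source"][src] += 1
    return load

def classify(load, max_bytes, max_rps):
    """Label each second by which limit, if any, it exceeds."""
    labels = {(False, False): "normal", (True, False): "bandwidth only",
              (False, True): "request-rate only", (True, True): "both"}
    return {ts: labels[(b["bytes"] > max_bytes, b["requests"] > max_rps)]
            for ts, b in sorted(load.items())}

if __name__ == "__main__":
    load = per_second_load(build_sample())
    # Illustrative limits: 500 kB per second and 100 requests per second.
    for ts, verdict in classify(load, max_bytes=500_000, max_rps=100).items():
        b = load[ts]
        busiest = max(b["per_source"].values())
        print(ts, verdict, "requests=%d bytes=%d sources=%d busiest_source=%d"
              % (b["requests"], b["bytes"], len(b["per_source"]), busiest))
```

In the flood second the byte count stays below that of normal traffic and no single source sends more than two requests, so only an aggregate request-rate limit flags it.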
Which infrastructures it is known to have taken down so far
As is often the case with these massive attacks, the full reach of Meris is not known exactly, although some of the infrastructures attacked are already known. In addition to the attack on Yandex, which is Russia’s largest technology company, there is information about what happened in New Zealand.
As the New Zealand media outlet nzherald has reported, this distributed denial of service (DDoS) attack has affected several major companies in the country in the last week, including banks such as ANZ and Kiwibank as well as NZ Post, MetService and the New Zealand Police, causing intermittent access to their websites. Access to the online services of the two large banks mentioned has been blocked for three days.