Yandex is seeing red since a botnet took the Russian search engine down. Named Mēris, it broke a DDoS attack record with 21.8 million requests sent per second.
Yandex, the default Russian search engine, counted over 90 million monthly users in 2018. (Yandex)
Russian internet giant Yandex has been under heavy attack for the past month. A botnet built for DDoS attacks, which relies on thousands of compromised devices and is capable of sending 21.8 million requests per second, has been targeting Yandex. Russia's default search engine had over 90 million monthly users in 2018. Russian media quickly picked up on the news, citing the attack as the largest in Russian internet history. In detail, Mēris - which means plague in Latvian - compromised around 250,000 devices according to researchers at cybersecurity company Qrator Labs. The firm indicates in a post "having seen 30,000 host devices through several attacks, and Yandex has collected data on 56,000 attacking hosts." However, Qrator Labs suggests that the number is higher - probably over 200,000 devices, due to the rotation of devices and the attackers' unwillingness to show the "full power" of the attack.
This is not Mēris's first attempt: it was held responsible for the largest volume of attack traffic Cloudflare has recorded and mitigated to date, which peaked at 17.2 million requests per second (RPS). To deploy an attack, the researchers indicate that Mēris relies on the SOCKS4 proxy at the compromised device, and uses the DDoS technique of HTTP pipelining and port 5678. As for the compromised devices used, the researchers say that they are linked to MikroTik, the Latvian manufacturer of network equipment for businesses of all sizes. A large majority of these devices had ports 2000 and 5678 open, among others related to MikroTik devices and used for the nearby device discovery function.
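With HTTP pipelining, a client sends several requests back-to-back on one connection without waiting for the responses. The following is an added example, not code from the article, Qrator Labs or Yandex: a sketch of how an edge service could measure pipeline depth in the first read of each connection and flag unusually deep ones. The function names, the threshold of 4 and the sample data are assumptions made for illustration.

```python
import re

# Request line of an HTTP/1.x message, e.g. b"GET /path HTTP/1.1"
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")
CONTENT_LENGTH = re.compile(rb"^content-length:\s*(\d+)\s*$", re.I | re.M)


def pipeline_depth(buf: bytes) -> int:
    """Count complete HTTP/1.x requests found back-to-back in one read buffer.

    A client that waits for each response before sending the next request
    yields 1; a pipelining client yields many from a single read.
    """
    count, pos = 0, 0
    while True:
        end = buf.find(b"\r\n\r\n", pos)
        if end == -1:
            return count  # incomplete trailing request head: not counted
        head = buf[pos:end]
        first_line = head.split(b"\r\n", 1)[0]
        if not REQUEST_LINE.match(first_line):
            return count  # not HTTP; stop rather than guess
        count += 1
        m = CONTENT_LENGTH.search(head)
        body_len = int(m.group(1)) if m else 0
        pos = end + 4 + body_len  # skip the body so it is not parsed as a request


def flag_pipelining(first_reads: dict, max_depth: int = 4) -> list:
    """Return the sorted source addresses whose first read exceeds max_depth."""
    return sorted(src for src, buf in first_reads.items()
                  if pipeline_depth(buf) > max_depth)


# Constructed sample data: addresses are from the RFC 5737 documentation ranges.
SAMPLE_READS = {
    "192.0.2.10": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "198.51.100.7": b"GET /?q=1 HTTP/1.1\r\nHost: example.test\r\n\r\n" * 16,
    "203.0.113.5": (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
                    b"Content-Length: 5\r\n\r\nhello"
                    b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
}

if __name__ == "__main__":
    for src, buf in SAMPLE_READS.items():
        print(src, pipeline_depth(buf))
    print("flagged:", flag_pipelining(SAMPLE_READS))
```

Depth alone is a signal rather than a verdict, so a real deployment would combine it with per-source request rates before blocking.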
Yandex losing control
On the Habr blog, Yandex reported that "the full power of the botnet is not visible due to the rotation of devices and the unwillingness of attackers to show all the available power. In addition, the botnet devices are high level terminals, not typical IoT devices connected to a WiFi network". Far from having dealt with the situation, the search engine announces that "at present it can overload almost any network infrastructure, including some highly reliable networks specially designed to carry such a load. The main characteristic of a botnet is its monstrous RPS".
Figure: graph of a DDoS attack on Yandex on September 5, 2021. (Credit: Yandex)
To date, MikroTik has been made aware of this vulnerability and told Russian media outlet Vedomosti "that it was not aware of any other vulnerability that could compromise its products." "We hope that joint efforts will soon rid the Internet of this "plague" pandemic", concludes Yandex.