September 16, 2021
A new botnet malware is spreading across the internet – and according to new research, it might have already infected 200,000 devices.
Called Meris, the botnet is reminiscent of Mirai, the IoT botnet that wreaked havoc in 2016, though it has unique characteristics too, reveals research from DDoS mitigation company Qrator Labs.
In recent days Meris has struck security publication KrebsOnSecurity and Yandex with what the Russian tech giant described as the biggest Distributed Denial-of-Service (DDoS) attack in history.
Meris is currently targeting devices made by MikroTik, a Latvian manufacturer of network routers.
“We do not know precisely what particular vulnerabilities led to the situation where MikroTik devices are being compromised on such a large scale,” Qrator Labs wrote in a blog post that details the botnet.
The researchers said, however, that it could be due to “some vulnerability that was either kept secret before the massive campaign’s start or sold on the black market”.
Alexander Lyamin, CEO at Qrator Labs, told The Daily Swig: “We see here a pretty substantial attacking force – dozens of thousands of host devices – growing.
“Separately, Qrator Labs saw the 30,000 host devices in actual numbers through several attacks, and Yandex collected the data of about 56,000 attacking hosts.”
September 15, 2021
KrebsOnSecurity is often the target of disgruntled cybercriminals and has now been targeted by a large and powerful botnet.
In this case, Meris is composed of a huge number of MikroTik routers. According to Qrator Labs and Yandex, Meris first appeared in late June and is still growing.
Meris may bring Mirai to mind, a botnet famous for taking down large swathes of the internet in 2016, but the team says this may not be the right comparison to make at this time.
"Some people and organizations already called the botnet 'a return of Mirai,' which we do not think to be accurate," Qrator Labs says. "Mirai possessed a higher number of compromised devices united under C2C, and it attacked mainly with volumetric traffic."
September 15, 2021
Latvian network equipment manufacturer MikroTik has shared details on how customers can secure and clean routers compromised by the massive Mēris DDoS botnet over the summer.
According to Qrator Labs researchers who provided details on the Yandex attack, Mēris — a botnet derived from Mirai malware code — is now controlling roughly 250,000 devices, most of them MikroTik network gateways and routers.
The researchers also added that the hosts compromised by Mēris are "not your typical IoT blinker connected to WiFi" but highly capable devices connected to the Internet via an Ethernet connection.
September 10, 2021
On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.
In its Aug. 19 writeup, Cloudflare neglected to assign a name to the botnet behind the attack. But on Thursday DDoS protection firm Qrator Labs identified the culprit — “Meris” — a new monster that first emerged at the end of June 2021.
Qrator says Meris has launched even bigger attacks since: A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 million bogus requests-per-second.
September 10, 2021
Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex. Technical details tied to a record-breaking distributed-denial-of-service (DDoS) attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests for webpages at the same time.
According to Qrator, the Mēris botnet delivered the largest attack against Yandex it has ever spotted (by traffic volume) – peaking at 21.8 million requests per second (RPS). By comparison, infrastructure and website security firm Cloudflare reported that the “largest ever” DDoS attack occurred on August 19, with 17.2 million RPS.