Russian Internet Giant Yandex Targeted by Record-Breaking DDoS Attack

A botnet known as Mēris has targeted Yandex’s network with a record-breaking 21.8 million requests per second (RPS), overshadowing a recent high-volume DDoS attack in the financial sector which reached 17.2 million RPS.

Mēris, which translates to ‘plague’, has been described by Russian-based DDoS mitigation service Qrator Labs as a “botnet of a new kind”. The company stated that Mēris “can overwhelm almost any infrastructure, including some highly robust networks, due to the enormous RPS power that it brings along.”

Qrator Labs went on to disclose that the Mēris botnet is still growing, with serious implications for the damage it may cause to its next victim.

The Mēris attacks utilised a method known as HTTP pipelining, which is characterised by infected devices opening multiple connections and requests to a server without waiting for a response – confusing the network by leaving before a full conversation has been had between the two entities. The botnet appears to have weaponised network devices from Latvian network equipment manufacturer MikroTik, spanning a spectrum of RouterOS versions.

MikroTik stated that Mēris appears to infect the same routers that were previously compromised in 2018 through a vulnerability that has since been patched – meaning that there is no zero-day vulnerability linked to the Mēris botnet. MikroTik followed up by mentioning that identifying the vulnerability alone will not protect the at-risk routers: “If somebody got your password in 2018, just an upgrade will not help. You must also change the password, re-check your firewall if it does not allow remote access to unknown parties, and look for scripts that you did not create.”
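The checks in MikroTik's advice can be run against a saved router configuration. The following is an added example, not code from MikroTik or Qrator Labs: it parses text in the style of RouterOS `/export verbose` output and flags scripts and schedulers missing from an operator-supplied list, plus management services with no address restriction. The sample export, the allowlist parameters, and the choice to treat scheduler entries as scripts and `/ip service` address lists as the remote-access check are assumptions.

```python
import re
import shlex

# Constructed sample in the style of RouterOS `/export verbose` output.
SAMPLE_EXPORT = r'''
/ip service
set telnet address="" disabled=yes port=23
set ssh address=192.168.88.0/24 disabled=no port=22
set winbox address="" disabled=no port=8291
/system scheduler
add interval=1d name=backup-job on-event=nightly-backup
add interval=30s name=sched1 on-event=\
    "/system script run script7"
/system script
add name=nightly-backup source="/system backup save name=nightly"
add name=script7 source=":log info test"
'''

def parse_export(text):
    """Yield (menu, verb, positional, props) for each exported command."""
    text = re.sub(r"\\\n\s*", "", text)  # join lines continued with a backslash
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu header, e.g. "/ip service"
            menu = line
            continue
        verb, *rest = shlex.split(line)   # keeps quoted values in one token
        props = dict(t.split("=", 1) for t in rest if "=" in t)
        yield menu, verb, [t for t in rest if "=" not in t], props

def audit(text, known_scripts, known_schedulers):
    """Return findings for the checks in the vendor advice quoted above."""
    findings = []
    for menu, verb, pos, props in parse_export(text):
        name = props.get("name")
        if menu == "/ip service" and verb == "set" and pos:
            # Assumption: "remote access to unknown parties" is approximated
            # by an enabled service with an empty or missing address list.
            if props.get("disabled") != "yes" and not props.get("address"):
                findings.append(f"service {pos[0]}: enabled, no address restriction")
        elif menu == "/system script" and verb == "add" and name not in known_scripts:
            findings.append(f"script {name}: not in known list")
        elif menu == "/system scheduler" and verb == "add" and name not in known_schedulers:
            findings.append(f"scheduler {name}: not in known list")
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT, {"nightly-backup"}, {"backup-job"}):
        print(f)
```

A compact `/export` omits settings left at their defaults, so a service that does not appear in it is not necessarily disabled; run the audit on the verbose form.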

With botnets such as Mēris out there, it’s never been more important to not only protect your network from DDoS attacks but to prevent your devices from being infiltrated and becoming part of the botnets that conduct these illegal activities.