Content delivery network (CDN) company Cloudfare said the botnet behind the largest-ever distributed denial-of-service (DDoS) attack has hit nearly 1,000 of the company’s customers over the past few weeks, even though they choose the best way to do data protection.
Cloudflare named this botnet Mantis (Mantis), which means its rapid attack. The botnet launched a brief but record-breaking DDoS attack in June this year, with peak HTTPS requests reaching 26 million per second.
Instead of relying on low-bandwidth IoT devices, the Mantis botnet hijacks virtual machines and services hosted by cloud service companies.
According to Cloudflare, Mantis is an evolutionary and upgraded version of the Meris botnet, which relies on IoT devices such as hacked MikroTik routers to attack mainstream websites. In 2018, thousands of MikroTik routers were hacked, and these hacked routers were used in DDoS attacks until 2021.
“Similarly, the Mantis botnet, with around 5,000 bot hosts, was able to unleash a tremendous amount of power and single-handedly launch the largest HTTP DDoS attack we’ve ever seen,” Cloudflare said.
Cloudflare explained that given the cost of establishing an encrypted Transport Layer Security (TLS) connection on the Internet, HTTPS DDoS attacks are computationally more expensive for both attacker and victim.
“Mantis has expanded to include various virtual machine platforms, supporting running various HTTP proxies to launch attacks,” Cloudflare noted.
“The name Mantis, which is close to ‘Meris’, was chosen to reflect its origin, but also because this evolution came violently and rapidly. Just over the past few weeks, Mantis has been particularly active, launching blistering attacks on nearly 1,000 Cloudflare customers. ”
Over the past month, Mantis has launched more than 3,000 HTTP DDoS attacks against Cloudflare customers, with 36% of the attacks targeting customers in the internet and telecom industries. Other common targets are news organizations and game publishers, but websites of financial, e-commerce and gaming organizations are also targeted.
More than 20 percent of attacks targeted U.S. organizations, and more than 15 percent targeted Russian organizations. Other countries and territories attacked with less than 5% attack count include: Turkey, France, Poland, Ukraine, UK, Germany, Netherlands, Canada, Vietnam, Cyprus, China, Hong Kong, Brazil, Sweden, Latvia, India and the Philippines.
Therefore, no matter what country or industry, you must do a good job in data backup and recovery, so as to have enough confidence to resist cyber attacks. Even if a cyberattack steals data, we have backup and recovery techniques in place to minimize the loss.