
We've seen just the tip of the Mēris botnet iceberg

Posted on Oct 8, 2021

Last month, Russian tech giant Yandex was hit by the largest DDoS attack in history. The record-breaking attack was likely just a test drive.

The distributed denial-of-service (DDoS) campaign against Yandex, which ran from August into September, peaked at roughly 22 million requests per second (RPS).

For comparison, the previous record stood at 17.2 million RPS, set by an attack on an unnamed Cloudflare customer that is also believed to have been carried out by the Mēris botnet.

The botnet behind the attacks was dubbed Mēris, which means 'plague' in Latvian. The name probably stems from the fact that the attack on Yandex was launched mainly from MikroTik network devices, which are manufactured in Latvia.

According to CyberNews researchers, in the attack against Yandex the botnet abused an already-patched vulnerability, CVE-2018-14847, in RouterOS, the operating system that runs on MikroTik devices.

In a blog entry, MikroTik states that 'the attacker is reconfiguring RouterOS devices for remote access, using commands and features of RouterOS itself.' That is the worst part: installing the patch now does not undo the damage. A device that was compromised before being patched still carries the attacker's configuration, so a password change and a firewall update are also necessary to secure it.

MikroTik also noted a specific type of malware that reconfigures its devices from Windows computers inside the same network. That malware explicitly targets the aforementioned CVE-2018-14847 vulnerability.

So far, that patched vulnerability is the only confirmed way the botnet infects new devices. However, it is not yet possible to rule out an unknown zero-day vulnerability or brute-force password attacks as additional ways for the botnet to spread.
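The remediation MikroTik describes above (patch, change the password, update the firewall) translates into a short sequence of RouterOS console commands. The following is an added example written for this post, not code from the article, from CyberNews or from MikroTik. It assumes a RouterOS v6 device whose internet-facing port is named ether1, a trusted LAN of 192.168.88.0/24, and a placeholder passphrase that must be replaced; the inspection commands at the end are this editor's suggestion for spotting attacker-added remote access, not a list taken from the article.

```routeros
# Added example for a RouterOS v6 device. Assumptions: WAN port is ether1,
# trusted LAN is 192.168.88.0/24, the passphrase below is a placeholder.

# 1. Patch first. CVE-2018-14847 is fixed in current RouterOS releases.
#    (install reboots the device)
/system package update check-for-updates
/system package update install

# 2. Rotate credentials. The vulnerability exposed the user database, so any
#    password that existed before patching must be treated as compromised.
/user set [find name=admin] password="ReplaceWithALongRandomPassphrase"

# 3. Stop exposing management services to the internet. Winbox (TCP 8291) is
#    the service CVE-2018-14847 targets; telnet/ftp/www/api are rarely needed.
/ip service set winbox address=192.168.88.0/24
/ip service set ssh address=192.168.88.0/24
/ip service disable telnet,ftp,www,api,api-ssl

# 4. Firewall the router itself: keep existing sessions, then drop everything
#    else arriving on the WAN side, so neither brute-force attempts nor a
#    future unknown RouterOS bug can be reached from the internet.
#    (skip the two "interface list" lines if a WAN list already exists)
/interface list add name=WAN
/interface list member add list=WAN interface=ether1
/ip firewall filter add chain=input action=accept connection-state=established,related comment="keep established sessions"
/ip firewall filter add chain=input action=drop in-interface-list=WAN comment="no access to the router from WAN"

# 5. Look for remote access an attacker may have configured before the patch
#    (assumed checklist: proxy, scheduled scripts, extra users, open services).
/ip socks print
/system scheduler print
/user print
/ip service print
```

Step 4 blocks every new inbound connection to the router from the WAN, including ICMP and any VPN service the router terminates; if those are needed, add matching accept rules before the final drop rule. Anything unexpected in step 5, such as an enabled SOCKS proxy, a scheduler entry that fetches a script, or a user account nobody created, indicates the device was reconfigured and should be reset and rebuilt from a known-good configuration rather than cleaned up by hand.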

Full article on https://cybernews.com/security/weve-seen-just-the-tip-of-the-meris-botnet-iceberg/

#meris #botnet #yandex #ddos #mikrotik #yokdata #blog #BeCyberSmart