EXECUTIVE SUMMARY:

A massive DDoS botnet is responsible for some of the largest DDoS attacks of recent months. Its operators open each campaign by sending threatening extortion emails to large organizations that cannot afford infrastructure downtime.

The gang then demands payment. Victims who refuse experience a wave of small demonstration attacks that grow in size and scope over time, pressuring them to pay.

The botnet is known as Meris, after the Latvian word for plague. Internet service providers and financial institutions across the US, the UK, Russia and New Zealand have already been attacked.

Why Meris is different

Meris can disrupt even highly robust networks by generating a tremendous number of requests per second (RPS). RPS-based DDoS attacks of this magnitude have been a rarity until now; across the past five years, none has had the same impact or reached the same scale.

The signature of an RPS-based DDoS is that it exhausts CPU and memory rather than bandwidth. A bandwidth (volumetric) flood saturates the target's network links; an RPS flood instead sends a huge number of individually small requests, each of which the server must parse, route and answer, so the web server or application tier collapses while the links are nowhere near full. This is also why a monitor that only watches bytes per second can miss such an attack entirely.
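The distinction above can be checked directly in web server logs. The following Python example is an added illustration, not code from the original article or from any vendor it mentions: it parses access-log lines in the common Apache/nginx combined format, computes each client's peak requests per second and average response size, and flags sources whose request rate is high while their byte volume stays small, which is the pattern of an application-layer RPS flood rather than a bandwidth flood. The log lines and the thresholds are constructed for the example and are not published figures.

```python
"""Detect request-rate (RPS) floods in web server access logs.

Added example for this article, not the article's own or a vendor's code.
Assumes Apache/nginx combined log format; sample lines and thresholds are
constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'second', 'bytes'} for a log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    size = m.group("bytes")
    return {
        "ip": m.group("ip"),
        "second": int(ts.timestamp()),          # bucket requests by wall-clock second
        "bytes": 0 if size == "-" else int(size),
    }


def per_source_rps(lines):
    """Return {ip: (peak_requests_in_one_second, avg_response_bytes)}."""
    per_second = defaultdict(lambda: defaultdict(int))  # ip -> second -> count
    total_bytes = defaultdict(int)
    total_reqs = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                                    # skip malformed lines
        per_second[rec["ip"]][rec["second"]] += 1
        total_bytes[rec["ip"]] += rec["bytes"]
        total_reqs[rec["ip"]] += 1
    return {
        ip: (max(buckets.values()), total_bytes[ip] / total_reqs[ip])
        for ip, buckets in per_second.items()
    }


def flag_rps_flood(lines, rps_threshold=50, small_response_bytes=2048):
    """Sources whose peak RPS reaches the threshold.

    'low_bandwidth' marks the application-layer pattern: many requests with
    small responses cost the server CPU and memory per request, not link
    capacity, so a bytes-per-second monitor alone would not raise an alarm.
    """
    flagged = {}
    for ip, (peak, avg_bytes) in per_source_rps(lines).items():
        if peak >= rps_threshold:
            flagged[ip] = {
                "peak_rps": peak,
                "avg_bytes": avg_bytes,
                "low_bandwidth": avg_bytes < small_response_bytes,
            }
    return flagged


def sample_log():
    """Constructed sample, not real traffic: 203.0.113.7 fires 120 requests
    within one second for a small JSON response, while 198.51.100.2 fetches
    a few large files at a normal pace."""
    lines = []
    for i in range(120):
        lines.append('203.0.113.7 - - [10/Sep/2021:12:00:00 +0000] '
                     '"GET /api/search?q=%d HTTP/1.1" 200 512' % i)
    for s in range(5):
        lines.append('198.51.100.2 - - [10/Sep/2021:12:00:%02d +0000] '
                     '"GET /downloads/report.pdf HTTP/1.1" 200 1048576' % s)
    return lines


if __name__ == "__main__":
    for ip, info in flag_rps_flood(sample_log()).items():
        print(ip, info)
```

In the constructed sample the large-file downloader moves far more bytes than the flooder yet is never flagged, while the flooder's 120 requests in a single second trip the rate threshold with an average response under 2 KB. On real logs the thresholds must be tuned to the service's normal per-client rate, and a distributed botnet will spread the load across many source addresses, so the same aggregation is usually run per URL path or per backend as well as per source.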

How Meris broke botnet records

Meris is widely described as descended from the old Mirai DDoS malware. Mirai's attacks, however, were bandwidth (volumetric) floods; Meris relies on specialized modules that generate application-layer request floods instead.

  • Meris has revived application-layer (request-rate) DDoS threats
  • The botnet's size also makes it noteworthy; DDoS botnets rarely scale so extensively
  • Attacks of up to 8 million bogus requests per second were recorded within a single week
  • Roughly 250,000 devices affected globally

Security journalist Brian Krebs, whose own site was among the targets, called the Meris attacks "record-shattering."

Who is vulnerable

Researchers suggest that US enterprises may be more exposed to Meris than enterprises elsewhere because of the computing and network infrastructure that US-based organizations commonly rely on. Chinese infrastructure may be at elevated risk for the same technical reasons.

The devices recruited into the botnet are MikroTik routers, and they range in age from old to recent; researchers note, however, that the "largest share" of affected devices run older firmware versions. Organizations that operate such routers should verify that the firmware is current, disable remote-management and proxy services that are not needed, and rotate administrative credentials, since a router that was compromised years ago stays compromised until it is cleaned.

Defending against botnet attacks

Overall, the internet and security communities have strengthened their capacity to fight botnet attacks over the past few years, and mature DDoS mitigation infrastructure can blunt attacks of this kind.

Experts recommend on-premises DDoS mitigation appliances and cloud-based DDoS scrubbing services, which can absorb an attack before it reaches the origin. These technologies provide multi-layered, customized protection against novel (zero-day) DDoS patterns and SSL/TLS-based attacks, and help organizations maintain performance while under attack. Against request-rate floods specifically, the defense that matters is application-layer filtering and per-client rate limiting, since link bandwidth is not the resource being exhausted.

Many DDoS defense vendors also provide 24/7 emergency response and mitigation services for customers who find themselves unexpectedly under attack. Vendor-provided expertise can help organizations mitigate complex attacks quickly.

In conclusion

The Meris botnet leaves experts concerned about new botnets of epic proportions. Your organization may want to consider adopting more advanced DDoS mitigation infrastructure to contend with a potential increase in the number and sophistication of botnets.
