Mantis Botnet Behind Largest HTTPS DDoS Attack Targeting Cloudflare Customers

The botnet behind the largest HTTPS Distributed Denial of Service (DDoS) attack in June 2022 has been linked to a series of attacks targeting nearly 1,000 Cloudflare customers.

Dubbed Mantis, the powerful botnet has been attributed by the web performance and security firm to more than 3,000 HTTP DDoS attacks against its users.

The most attacked industry verticals include internet and telecommunications, media, gaming, finance, business and purchasing, with more than 20% of attacks targeting US-based companies, followed by Russia, Turkey, France, Poland, Ukraine, UK, Germany, Netherlands and Canada.

Last month, the company said it mitigated a record DDoS attack targeting an unnamed customer's website on its free plan that peaked at 26 million requests per second (RPS), with each node generating around 5,200 RPS.

The tsunami of unwanted traffic lasted less than 30 seconds and generated more than 212 million HTTPS requests from more than 1,500 networks in 121 countries, led by Indonesia, the United States, Brazil, Russia and India.

Mantis Botnet

“The Mantis botnet operates a small fleet of around 5,000 bots, but with them it can generate massive force – responsible for the largest HTTP DDoS attacks we’ve ever seen,” Cloudflare’s Omer Yoachimik said.

Mantis stands out for several reasons. The first is its ability to conduct HTTPS DDoS attacks, which are expensive due to the computational resources required to establish a secure TLS-encrypted connection.

Second, unlike other traditional botnets that rely on IoT devices such as DVRs and routers, Mantis leverages hacked virtual machines and powerful servers, equipping it with more resources.
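As an added detection example (not code from the article, Cloudflare or the botnet's operators), the following Python flags a short HTTPS request burst of the shape described above from constructed access-log lines and reports what a responder first wants to know: how long it lasted, the peak aggregate rate, the highest per-source rate and how many distinct /24 networks took part. The log format, the sample addresses and the 100 RPS threshold are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed sample log ('epoch_second client_ip' per request): ten seconds
    of background traffic from five clients, then a two-second burst from
    50 sources in 50 different /24 networks, each sending 40 requests per second."""
    lines = [f"{sec} 198.51.100.{i % 5 + 1}" for sec in range(1000, 1010) for i in range(20)]
    for sec in range(1010, 1012):
        for net in range(50):
            lines.extend([f"{sec} 203.0.{net}.7"] * 40)
    return lines

def parse_log(lines):
    """Parse 'epoch_second ip' lines into (second, ip) tuples, skipping malformed ones."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            records.append((int(parts[0]), ipaddress.ip_address(parts[1])))
        except ValueError:
            continue
    return records

def per_second_stats(records):
    """Bucket requests per second: {second: (total_rps, Counter(ip -> requests))}."""
    buckets = defaultdict(Counter)
    for sec, ip in records:
        buckets[sec][ip] += 1
    return {sec: (sum(c.values()), c) for sec, c in buckets.items()}

def detect_flood(records, rps_threshold):
    """Flag seconds whose aggregate rate exceeds rps_threshold (an assumed tuning
    value) and summarise the burst. A short burst spread over many networks, with
    every source far below the total, is the article's pattern, not one noisy client."""
    stats = per_second_stats(records)
    flood_secs = sorted(s for s, (total, _) in stats.items() if total > rps_threshold)
    if not flood_secs:
        return None
    networks, peak_rps, max_source_rps = set(), 0, 0
    for sec in flood_secs:
        total, counter = stats[sec]
        peak_rps = max(peak_rps, total)
        max_source_rps = max(max_source_rps, max(counter.values()))
        networks.update(ipaddress.ip_network(f"{ip}/24", strict=False) for ip in counter)
    return {"duration_s": flood_secs[-1] - flood_secs[0] + 1, "peak_rps": peak_rps,
            "max_source_rps": max_source_rps, "distinct_networks": len(networks)}
```

On real logs, compare the per-source rate against the aggregate: the burst above is 2,000 RPS in total while no single source exceeds 40, so per-client rate limiting alone would not catch it.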


These volumetric attacks aim to generate more traffic than the target can handle, forcing the victim to exhaust their resources. While adversaries have traditionally used UDP to launch amplification attacks, there has been a move to newer TCP reflected amplification vectors that use middleboxes.

Microsoft in May 2022 disclosed that it had prevented approximately 175,000 UDP-reflected amplification attacks over the past year that targeted its Azure infrastructure. It also observed a reflected TCP amplification attack on an Azure resource in Asia that reached 30 million packets per second (pps) and lasted 15 minutes.

“Reflective amplification attacks are here to stay and pose a serious challenge to the internet community,” the Azure Networking team noted. “They continue to evolve and exploit new vulnerabilities in protocols and software implementations to circumvent conventional countermeasures.”
