Mantis Botnet Behind Largest HTTPS DDoS Attack Targeting Cloudflare Customers


The botnet that was responsible for the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been linked to a spate of attacks that were directed at nearly one thousand customers of Cloudflare.

The web performance and security company referred to the powerful botnet as Mantis and blamed it for more than 3,000 HTTP DDoS attacks launched against its customers.

The most frequently targeted industry verticals were internet and telecom, media, gaming, finance, business, and shopping. More than 20 percent of the attacks were directed at companies based in the United States, followed by Russia, Turkey, France, Poland, Ukraine, the United Kingdom, Germany, the Netherlands, and Canada.

The company announced earlier this month that it had mitigated a record-breaking DDoS attack aimed at a customer website on its Free plan. The attack peaked at 26 million requests per second (RPS), with each node in the botnet generating approximately 5,200 RPS.

In less than 30 seconds the botnet generated more than 212 million HTTPS requests from more than 1,500 networks in 121 countries, with Indonesia, the United States, Brazil, Russia, and India as the top five sources.


According to Omer Yoachimik of Cloudflare, "The Mantis botnet operates a small fleet of approximately 5,000 bots, but with them can generate a massive force. It is responsible for the largest HTTP DDoS attacks we have ever observed."

Mantis stands out from the crowd for several reasons. The first is that it carries out HTTPS rather than plain HTTP floods, which are more expensive for both sides: every request rides on a TLS connection that the attacker has to establish and the victim has to terminate, so the same request count costs the target far more CPU than an unencrypted flood.

Second, in contrast to conventional botnets, which rely on Internet of Things (IoT) devices such as DVRs and routers, Mantis is built from compromised virtual machines and powerful servers, giving each bot far more bandwidth and compute than a typical IoT node.
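The two traits above (a small fleet of bots, each pushing thousands of requests per second) are visible in a target's own access logs as a handful of sources with a very high per-IP rate, the opposite of the many-sources, low-rate profile of an IoT botnet. The following script is an added example, not Cloudflare's code or anything from the article: it parses combined-format web access lines, computes peak requests per second per source and for the whole log, and flags sources above a rate threshold. The log lines, IP addresses (from the RFC 5737 documentation ranges), paths and the 20 RPS threshold are all constructed for the example.

```python
"""Per-source request-rate profiling of web access logs (added example).

Given access-log lines in the common/combined format, bucket requests
per source IP per second, report the peak aggregate RPS, and flag
sources whose own peak exceeds a threshold.  A Mantis-style flood shows
up as few flagged sources carrying almost all of the traffic.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Leading fields of the Apache/Nginx combined log format:
# <ip> <ident> <user> [<timestamp>] "<request>" <status> ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, epoch_second, request, status) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), int(ts.timestamp()), m.group("req"), int(m.group("status"))


def profile(lines):
    """Bucket requests per (ip, second); return per-IP totals, per-IP peak RPS, and global peak RPS."""
    per_ip_sec = defaultdict(Counter)   # ip -> {second: request count}
    total_sec = Counter()               # second -> request count across all sources
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                    # skip malformed lines rather than abort
        ip, sec, _, _ = rec
        per_ip_sec[ip][sec] += 1
        total_sec[sec] += 1
    totals = {ip: sum(c.values()) for ip, c in per_ip_sec.items()}
    peak_per_ip = {ip: max(c.values()) for ip, c in per_ip_sec.items()}
    peak_total = max(total_sec.values()) if total_sec else 0
    return totals, peak_per_ip, peak_total


def flag_sources(lines, rps_threshold=20):
    """Flag sources whose peak per-second rate reaches rps_threshold (threshold is an assumption)."""
    totals, peak_per_ip, peak_total = profile(lines)
    flagged = sorted(ip for ip, r in peak_per_ip.items() if r >= rps_threshold)
    all_requests = sum(totals.values())
    flagged_share = (sum(totals[ip] for ip in flagged) / all_requests) if all_requests else 0.0
    return {
        "flagged": flagged,             # high-rate sources, in a "small fleet, big force" pattern
        "peak_rps": peak_total,         # aggregate peak requests per second
        "flagged_share": flagged_share, # fraction of all requests sent by flagged sources
        "source_count": len(totals),
    }


def make_sample_log():
    """Constructed sample: 5 normal clients at 1 RPS and 3 'bots' at 50 RPS for 3 seconds."""
    start = datetime(2022, 6, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def emit(ip, t, path):
        lines.append(f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/2.0" 200 512')

    for sec in range(3):
        t = start + timedelta(seconds=sec)
        for i in range(5):                          # legitimate clients (198.51.100.0/24)
            emit(f"198.51.100.{i + 1}", t, "/index.html")
        for i in range(3):                          # compromised servers (203.0.113.0/24)
            for _ in range(50):
                emit(f"203.0.113.{10 + i}", t, "/api/search?q=x")
    return lines


if __name__ == "__main__":
    result = flag_sources(make_sample_log())
    print(f"peak {result['peak_rps']} RPS from {result['source_count']} sources; "
          f"{len(result['flagged'])} flagged sending {result['flagged_share']:.1%} of requests")
```

On real logs the per-second bucket should be widened (for example a sliding 10-second window) and the threshold tuned per site; the point the numbers make is that three of eight sources account for over 96 percent of requests, which is the signature the article describes, not the thousands of low-rate sources an IoT botnet produces.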

The goal of volumetric attacks more generally is to generate more traffic than the target can process, exhausting the victim's resources. Amplification attacks have traditionally been launched over UDP, but adversaries have been shifting to newer TCP reflected amplification vectors that abuse middleboxes to reflect and multiply traffic.

Microsoft revealed in May 2022 that it had thwarted approximately 175,000 UDP reflected amplification attacks directed at its Azure infrastructure over the preceding year. It also observed a TCP reflected amplification attack against an Azure resource located in Asia that reached 30 million packets per second (pps) and lasted for 15 minutes.

According to the Azure Networking Team, "Reflected amplification attacks are here to stay and pose a serious challenge for the internet community." Such attacks keep evolving, exploiting new vulnerabilities in protocols and software implementations to bypass conventional countermeasures.

