Massive Botnet Attack Targets Biggest Russian Web Portal

According to reports, the Russian website Yandex was hit by a distributed denial of service attack launched from a botnet. Yandex serves as something of a Russian-language analog of Google, offering all sorts of web tools ranging from a search engine to financial information and web mail services.

Distributed denial of service attacks usually use previously compromised devices that become part of a botnet. Those devices are later used to launch a flood of automated, high-frequency requests at a target website, bringing it down through the sheer amount of data throughput requested each second.

Reports coming from both Yandex and a third-party security firm state that this particular attack was the largest ever observed. While another recent attack held the record until very recently, at over 17 million requests per second, the last attack targeting Yandex was reported to peak at over 21 million requests slamming the site every second.

According to researchers, both of those attacks were performed by the operators of one and the same botnet, an entity called Meris. Researchers believe that the attack on Yandex made use of compromised MikroTik network hardware.

The way the threat actors managed to get into the networking devices was through an old vulnerability dating back to 2018 that was still unpatched on over 50 thousand units.

The bug that the hackers used to gain access to the MikroTik gear was first described and quickly patched way back in 2018. The fact that there is still such a significant number of unpatched, unsecured devices, left wide open to attack and abuse as this latest attack shows, only serves to highlight the extreme importance of keeping all your devices and software updated and patched, even if it is just your home operating system and router.

September 13, 2021
