Powerful 'Mantis' DDoS Botnet Hits 1,000 Organizations in One Month

Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone.

Dubbed Mantis, the botnet is responsible for a record-breaking 26 million requests per second (RPS) HTTPS DDoS attack observed in June, and it has since continued to display strength, with more than 3,000 attacks launched over the past several months.

Mantis is small, being powered by approximately 5,000 bots, but the fact that these are compromised virtual machines and powerful servers gives the botnet much more strength than its size would suggest.

“The Mantis botnet was able to generate the 26M HTTPS requests per second attack using only 5,000 bots. That’s an average of 5,200 HTTPS RPS per bot,” Cloudflare product manager Omer Yoachimik notes.

Yoachimik also points out that launching DDoS attacks over HTTPS is highly expensive in terms of computational resources, because it requires establishing secure, TLS-encrypted connections.

“Mantis is the next evolution of the Meris botnet. The Meris botnet relied on MikroTik devices, but Mantis has branched out to include a variety of VM platforms and supports running various HTTP proxies to launch attacks,” Yoachimik explains.

Meris is believed to have launched record-breaking attacks last year, including a 22 million RPS DDoS assault at the beginning of September 2021, when it had roughly 200,000 bots, and a 17.2 million RPS attack two weeks before.

According to Cloudflare, the new Mantis botnet has also contributed to a spike in the number of HTTP DDoS attacks observed over the past month, being responsible for no fewer than 3,000 such assaults.

Most of these attacks (36%) targeted the internet and telecommunication sector, with the news, media, and publishing industry being the botnet’s second favorite target, followed by the gaming and finance sectors.

Sectors targeted by Mantis DDoS botnet

More than 20% of the targets were organizations in the United States and roughly 15% were Russian companies. Turkey, France, and Poland rounded out the top five, with roughly 5% each.
