Powerful ‘Mantis’ DDoS Botnet Hits 1,000 Organizations in One Month

Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone.

Dubbed Mantis, the botnet is responsible for a record-breaking 26 million requests per second (RPS) HTTPS DDoS attack observed in June, and it has since continued to display strength, with more than 3,000 attacks launched over the past several months.

Mantis is small, being powered by approximately 5,000 bots, but the fact that these are compromised virtual machines and powerful servers gives the botnet much more strength than its size would suggest.

“The Mantis botnet was able to generate the 26M HTTPS requests per second attack using only 5,000 bots. That’s an average of 5,200 HTTPS RPS per bot,” Cloudflare product manager Omer Yoachimik notes.

Yoachimik also points out that launching DDoS attacks over HTTPS is highly expensive in terms of computational resources, because each request requires establishing a secure, TLS-encrypted connection.

“Mantis is the next evolution of the Meris botnet. The Meris botnet relied on MikroTik devices, but Mantis has branched out to include a variety of VM platforms and supports running various HTTP proxies to launch attacks,” Yoachimik explains.

Meris is believed to have launched record-breaking attacks last year, including a 22 million RPS DDoS assault at the beginning of September 2021, when it had roughly 200,000 bots, and a 17.2 million RPS attack two weeks before.

According to Cloudflare, the new Mantis botnet has also contributed to a spike in the number of HTTP DDoS attacks observed over the past month, being responsible for no fewer than 3,000 such assaults.

Most of these attacks (36%) targeted the internet and telecommunication sector, with the news, media, and publishing industry being the botnet’s second favorite target, followed by the gaming and finance sectors.

Sectors targeted by Mantis DDoS botnet

More than 20% of the targets were organizations in the United States and roughly 15% were Russian companies. Turkey, France, and Poland rounded out the top five list, with roughly 5% each.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
