Yandex is under the largest DDoS attack in the history of Runet

The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week.

The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the World Wide Web and to keep the country resilient to an internet shutdown.

The record magnitude of the DDoS attack was also confirmed by the US company Cloudflare, which specializes in protecting against such attacks. Curiously, Yandex, in partnership with third-party security firms, provides DDoS protection to its customers.

“A high-ranking source at Yandex told Vedomosti that the largest DDoS attack in the history of the Russian Internet was carried out on the company’s servers last weekend,” reads a post published by the Russian media outlet Vedomosti. “Another source at Yandex confirmed this information, noting that the company had difficulty in containing the DDoS attack and it continues this week.”

At the time of this writing, there is no information about the type of DDoS attack or the peak volume it reached.

“We are conducting an investigation together with the contractors,” a source internal to the Internet provider told Vedomosti. “We are talking about a threat to infrastructure on a national scale.”

According to Alexander Lyamin, the CEO of Qrator Labs, a Yandex partner that provides DDoS protection, the attack was launched by a new DDoS botnet.

Lyamin and his team observed a wave of massive attacks that targeted the company's customers between August and September. The malicious traffic was generated by a totally new botnet composed of compromised devices from a vendor in the Baltic region.

The vendor in the Baltic region is suspected to be the Latvian company MikroTik, whose compromised devices have been employed in multiple botnets in the last couple of years. Threat actors exploited known vulnerabilities in devices that were running old software because their owners had not patched them.

“The victims of these attacks are different, but the perpetrator, apparently, is the same, and he operates a botnet that has recently appeared in the industry,” Lyamin told Vedomosti. “Some industry players have already announced that the Mirai botnet, which made a splash five years ago and was built on the basis of video cameras, has returned to us. Having devoted the last few weeks to studying the new botnet, we can say that a completely new botnet has appeared and it is built on the network equipment of a very popular vendor from the Baltic States. It spreads through a vulnerability in firmware and already numbers up to hundreds of thousands of infected devices.”

DDoS attacks are becoming even more frequent and dangerous. In August, the web infrastructure and website security company Cloudflare announced that it had mitigated the largest ever volumetric distributed denial-of-service (DDoS) attack to date.

The attack hit an unnamed customer of the company operating in the financial industry. The company said that the attack took place in July and was launched by a Mirai botnet.

The malicious traffic reached a record high of 17.2 million requests-per-second (rps), a volume three times bigger than previously reported HTTP DDoS attacks.


Pierluigi Paganini

(SecurityAffairs – hacking, DDoS)
