Yandex is under the largest DDoS attack in the history of Runet

The Russian internet service provider Yandex is under a massive distributed denial-of-service (DDoS) attack that began last week.

The Russian Internet giant Yandex has been targeted by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the World Wide Web and to ensure the country's resilience to an internet shutdown.

The record magnitude of the massive DDoS attack was also confirmed by the US company Cloudflare, which specializes in protection against such attacks. Curiously, Yandex, in partnership with third-party security firms, provides its customers with DDoS protection.

“A high-ranking source at Yandex told Vedomosti that the largest DDoS attack in the history of the Russian Internet was carried out on the company’s servers last weekend,” reads a post published by the Russian media outlet Vedomosti. “Another source at Yandex confirmed this information, noting that the company had difficulty in containing the DDoS attack and it continues this week.”

At the time of this writing, there is no information about the type of DDoS attack or the peak volume reached in the offensive.

“We are conducting an investigation together with the contractors,” a source internal to the Internet provider told Vedomosti. “We are talking about a threat to infrastructure on a national scale.”

The DDoS attack was launched by a new DDoS botnet, according to Alexander Lyamin, the CEO of Qrator Labs, a Yandex partner that provides DDoS protection.

Lyamin and his team observed a wave of massive attacks that targeted its customers between August and September. The malicious traffic was generated by a totally new botnet composed of compromised devices from a vendor in the Baltic region.

The vendor in the Baltic region is suspected to be the Latvian company MikroTik; compromised devices from the vendor have been employed in multiple botnets in the last couple of years. Threat actors exploited known vulnerabilities in the targeted devices, which were running old software because their owners had not patched them.

“The victims of these attacks are different, but the perpetrator, apparently, is the same, and he operates a botnet that has recently appeared in the industry,” Lyamin told Vedomosti. “Some industry players have already announced that the Mirai botnet, which made a splash five years ago and was built on the basis of video cameras, has returned to us. Having devoted the last few weeks to studying the new botnet, we can say that a completely new botnet has appeared and it is built on the network equipment of a very popular vendor from the Baltic States. It spreads through a vulnerability in firmware and already numbers up to hundreds of thousands of infected devices.”

DDoS attacks are becoming even more frequent and dangerous. The web infrastructure and website security company Cloudflare announced in August that it had mitigated the largest volumetric distributed denial-of-service (DDoS) attack to date.

The attack hit an unnamed customer of the company operating in the financial industry. The company said that the attack took place in July and was launched by a Mirai botnet.

The malicious traffic reached a record high of 17.2 million requests-per-second (rps), a volume three times bigger than previously reported HTTP DDoS attacks.


Pierluigi Paganini

(SecurityAffairs – hacking, DDoS)


Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
