The Mantis botnet launched 3,000 DDoS attacks in one month using only 5,000 small bots, after which Cloudflare dubbed it “the most powerful botnet to date.”
According to the content distribution network Cloudflare, a botnet named after a small shrimp is so powerful that it has launched the biggest DDoS attacks ever. Dubbed Mantis, the botnet has so far targeted around 1,000 Cloudflare customers within the past few weeks.
The company revealed that it thwarted a brief but record-shattering DDoS attack peaking at 26 million rps (requests per second) in June. Ever since that attack, the internet infrastructure company has been tracking Mantis.
If you wonder why Cloudflare named it after the laser-legged Mantis, the company revealed that the botnet is similar to Meris, so the name reflects both its origin and its capability to hit hard and fast.
Mantis Doesn’t Use IoTs
Cloudflare explained in its blog post that the Mantis botnet comprises nearly five thousand compromised machines. It mainly hijacks virtual servers and machines hosted by cloud firms instead of using low-bandwidth IoT devices like routers and DVRs.
It is worth noting that the Meris botnet used IoT devices, including hijacked MikroTik routers, to attack popular websites. The botnet was also behind the massive DDoS attack on Yandex, a popular Russian search engine and technology firm.
In the same manner, the Mantis botnet operates through a “small fleet of” bots that can quickly generate massive force and launch large-scale HTTP DDoS attacks, which are actually more “computationally expensive” because the attacker has to establish an encrypted Transport Layer Security (TLS) connection. Thus, it seems like the beginning of the next phase in the Meris botnet's evolution.
“Mantis has branched out to include a variety of VM platforms and supports running various HTTP proxies to launch attacks.”
Cloudflare
Targets of Mantis Botnet
Cloudflare reported that in June, the Mantis botnet launched more than 3,000 HTTP DDoS attacks, and 36% of these attacks targeted the telco and internet sectors, game publishers, and news organizations. Additionally, it targeted French organizations’ websites, gambling sites, and e-commerce platforms.
Furthermore, nearly 20% of Mantis botnet targets were organizations in the US, and 15% were Russian organizations. Around 5% of the targets were identified in:
- India
- China
- Brazil
- Latvia
- Turkey
- France
- Poland
- Ukraine
- Cyprus
- Canada
- Sweden
- Vietnam
- Germany
- Philippines
- Hong Kong
- Netherlands
- United Kingdom
Mantis vs Mirai
Mired in controversy, the Mirai botnet has made headlines time and again. The Mirai botnet was introduced to the world after its first-ever attack harnessed over 100,000 devices to launch a massive DDoS against Dyn, a company that provides DNS services. The DDoS attack on Dyn was the largest DDoS attack on record at that time, clocking in at 1.2 Tbps.
However, the Mantis botnet is different from Mirai in that it relies on vulnerabilities in routers and other connected devices rather than hijacked IoT devices. This makes it more difficult to defend against, as there are many more potential targets.
Even so, Cloudflare was able to identify and block malicious traffic before it reached its targets. This successful defense against the Mantis botnet shows that companies are beginning to learn from the Mirai attack and are taking steps to protect themselves.