Mantis botnet – June’s record-breaking DDoS attack | CyberNcrypt
Cloudflare mitigated a record-breaking distributed denial-of-service (DDoS) attack last month that originated from a new botnet called Mantis, which is currently described as “the most powerful botnet to date.”
At its peak, the attack generated 26 million requests per second from 5,067 devices. The previous record was held by the Mēris botnet, whose attack peaked at 21,8 million requests per second.
Normal vs Mantis Botnet
Normal botnets must compromise a large number of connected devices in order to amass enough firepower to launch disruptive attacks against protected targets. Mantis concentrates its efforts on servers and virtual machines, which have significantly more available resources. The generation of numerous HTTPS requests is a resource-intensive process, so the more powerful the botnet devices, the more potent the DDoS attacks they can launch.
The previous record holder, Mēris, carried out particularly potent attacks by enlisting powerful hardware-equipped MikroTik devices.
Mantis targets organizations in the IT and telecommunications (36%), news, media, and publications (15%), finance (10%), and gaming (12%) industries. In the last 30 days, Mantis launched 3,000 DDoS attacks against nearly 1,000 Cloudflare customers, according to the company. The majority of targets are organizations in the United States (20%) and the Russian Federation (15%), with Turkey, France, Poland, Ukraine, the United Kingdom, Germany, the Netherlands, and Canada accounting for between 2.5% and 5%.
How to prevent Mantis botnet
Cloudflare published some prevention mechanisms against Matis Botnet. Dynamic fingerprinting is utilized by Cloudflare’s automated DDoS protection system to detect and mitigate DDoS attacks. Customers can access the system via the HTTP DDoS Managed Ruleset. The ruleset is enabled and applies mitigation actions by default, so if you haven’t made any modifications, you do not need to take any action; you are protected.
Please visit Cloudflare’s official website for more details about the attack.
