The botnet behind the largest HTTPS distributed denial-of-service (DDoS) attack in June 2022 has been involved in a series of attacks against nearly 1,000 Cloudflare customers.
Calling the powerful botnet Mantis, the web performance and security company has attributed more than 3,000 HTTP DDoS attacks against its users to it.
The most attacked verticals include internet and telecommunications, media, gaming, finance, business, and shopping, with more than 20% of the attacks targeting US-based companies, followed by Russia, Turkey, France, Poland, Ukraine, Great Britain, Germany, the Netherlands and Canada.
Last month, the company said it mitigated a record-breaking DDoS attack against an unnamed customer’s website using its Free plan, which peaked at 26 million requests per second (RPS), with each node generating about 5,200 RPS.
The junk traffic tsunami lasted less than 30 seconds and generated more than 212 million HTTPS requests from more than 1,500 networks in 121 countries, led by Indonesia, the US, Brazil, Russia, and India.
“The Mantis botnet operates a small team of about 5,000 bots, but with them can create a large force – responsible for the largest HTTP DDoS attacks we have ever observed,” said Omer Yoachimik of Cloudflare.
Mantis stands out for a number of reasons. The first is the ability to perform HTTPS DDoS attacks, which are costly in nature due to the computational resources required to establish a secure TLS encrypted connection.
Second, unlike other traditional botnets that rely on IoT devices like DVRs and routers, Mantis leverages compromised virtual machines and powerful servers, equipping it with more resources.
These volumetric attacks are intended to generate more traffic than the target can handle, draining the victim of its resources. While adversaries have traditionally used UDP to launch amplification attacks, there has been a shift to newer TCP reflection amplification vectors that make use of middleboxes.
In May 2022, Microsoft revealed that it had prevented approximately 175,000 UDP reflection amplification attacks over the past year against its Azure infrastructure. It also observed a TCP reflection amplification attack on an Azure resource in Asia that reached 30 million packets per second (pps) and lasted 15 minutes.
The Azure Networking team noted: “The reflected amplification attacks persist here and pose a serious challenge to the internet community. They continue to develop and exploit new vulnerabilities in protocols and software implementations to bypass conventional countermeasures.”