A new botnet dubbed Mantis, which security researchers spotted last June, is said to have performed a record-breaking DDoS (distributed denial-of-service) attack against its targets and has been described as one of the most powerful botnet variants.
According to reports about the Mantis botnet, its attacks peaked at 26 million HTTPS requests per second, coming from over 5,000 devices. The previous record was held by another powerful botnet, dubbed Meris, whose attacks peaked at over 21 million HTTPS requests per second.
The researchers who mitigated the sophisticated botnet have been tracking it since they first discovered it. They also explained that its name comes from the mantis shrimp, a crustacean that can deliver devastating strikes against its enemies using its claws. In that respect, the Mantis botnet’s capabilities are highly similar to those of its namesake.
Typically, botnets have to compromise numerous connected machines to build sufficient power to direct attacks at the targeted devices and disrupt their operations.
The Mantis botnet, by contrast, focuses on using servers and virtual machines, which can provide more significant resources for its campaign.
For a DDoS attack to be effective, it requires a very large number of HTTPS requests, and generating them is a resource-demanding process. Thus, the botnet needs to recruit devices that are powerful enough to launch intense DDoS attacks.
Based on past observations, the Meris botnet once employed MikroTik devices in its powerful attacks, since the network equipment provider’s products feature powerful hardware that could support Meris’ capabilities.
The Mantis botnet is detected most in the IT and telecommunication, news, media, finance, and gaming sectors. The past month was particularly busy for Mantis’ operators, who launched over 3,000 DDoS attacks on a security company’s clients.
The targets in these sectors are mostly based in the US, Russia, Turkey, France, Ukraine, Poland, Germany, the Netherlands, Canada, and the UK.
Security researchers highly advise organising an effective DDoS attack response plan and securing the organisation’s infrastructure with attack prevention solutions. It is also helpful to perform regular network vulnerability assessments, learn the early signs of a DDoS attack, and employ cloud-based service providers if deemed appropriate.