Mantis shrimp: the most powerful criminal network of infected computers in the world


Cloudflare has tracked down the botnet behind the largest denial of service attack in history. The company's researchers dubbed the network Mantis, after the mantis shrimp, to describe a network small in size but extremely powerful.

In June, we told you about the largest denial of service (DDoS) attack ever recorded. Cloudflare, the company targeted by the operation, has tracked down the network of infected computing devices behind it and describes it as the most powerful botnet to date, in a report published on July 14.

Concretely, attackers infect thousands of computers or connected devices and hijack them without their owners' knowledge, so that they all connect to the same server at once until it is saturated. Such a network can be controlled from software whose access is shared among groups of hackers. In this way, one can "easily" bring down a website by drowning it in requests.

Last month, this notorious botnet hit more than 1,000 Cloudflare customers with a tsunami of unwanted connections that peaked at 26 million requests per second. A record.

The IT infrastructure company has identified the network of infected devices behind this DDoS attack and describes its somewhat unprecedented modus operandi. Rather than infecting a large number of connected objects, as attackers usually do, the operators of this botnet chose to focus on 5,000 powerful computing devices such as servers. The volume of requests each device can generate is correspondingly larger.
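The pattern described above, a handful of server-class hosts each sending requests at a very high rate, is what a defender would look for in web access logs. The following is an added example, not Cloudflare's code; the log line format, the IP addresses and the thresholds are constructed for illustration.

```python
# Added example (not Cloudflare's code): spotting a "few but powerful" HTTP
# flood by per-source request rate, the pattern the article describes for Mantis.
from __future__ import annotations
from collections import Counter, defaultdict
from typing import Iterable

def parse_line(line: str) -> tuple[str, str]:
    """Parse one access-log line of the constructed form
    '<ISO timestamp> <client ip> <method> <path>' and return (second, ip)."""
    ts, ip, _method, _path = line.split(" ", 3)
    return ts[:19], ip          # keep YYYY-MM-DDTHH:MM:SS, drop sub-second part

def peak_rps_per_source(lines: Iterable[str]) -> dict[str, int]:
    """Highest number of requests each source sent within any single second."""
    per_second: dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        second, ip = parse_line(line)
        per_second[ip][second] += 1
    return {ip: max(counts.values()) for ip, counts in per_second.items()}

def heavy_hitters(lines: list[str], threshold_rps: int) -> list[str]:
    """Sources whose peak per-second rate exceeds the threshold. A few hosts at
    server-class rates is the Mantis signature, unlike a large IoT botnet where
    each device contributes little."""
    peaks = peak_rps_per_source(lines)
    return sorted(ip for ip, peak in peaks.items() if peak > threshold_rps)

def top_n_share(lines: list[str], n: int) -> float:
    """Fraction of all requests produced by the n busiest sources."""
    totals = Counter(parse_line(line)[1] for line in lines)
    top = sum(count for _, count in totals.most_common(n))
    return top / sum(totals.values())

def build_sample_log() -> list[str]:
    """Constructed traffic: two hosts at 300 req/s each plus 50 ordinary clients,
    all within the same second (documentation IP ranges, not real addresses)."""
    lines = []
    for i in range(300):
        for ip in ("203.0.113.7", "198.51.100.9"):
            lines.append(f"2022-06-01T12:00:00.{i:03d}Z {ip} GET /")
    for i in range(50):
        lines.append(f"2022-06-01T12:00:00.{i:03d}Z 192.0.2.{i + 1} GET /")
    return lines

if __name__ == "__main__":
    log = build_sample_log()
    print("heavy hitters:", heavy_hitters(log, 100))
    print("share of top 2 sources:", round(top_n_share(log, 2), 3))
```

Against a real access log the threshold would be tuned to the site's normal per-client rate, and the "share of top N" figure distinguishes a concentrated flood from many low-rate sources.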

A small but powerful botnet, like a crustacean

The network's modest size relative to its strength inspired the researchers, who named the botnet Mantis after the mantis shrimp. This crustacean, around 30 cm long, can strike in 2 thousandths of a second, fifty times faster than the blink of an eye.

A pretty Mantis shrimp // Source: Dorothea Oldani

Another peculiarity: the powerful Mantis botnet uses encrypted HTTPS connections against its targets. An encrypted request is more expensive for the attacker to produce, but it is far harder for the victim to handle, and the victim will also have a harder time tracing the attack.

According to Cloudflare, Mantis is a network used by criminals. 36% of its attacks targeted telecom and web services companies; the rest targeted various media, gaming and finance companies. Cloudflare also mitigated a 15.3 million requests per second attack in April 2022, which used nearly 6,000 bots to target a customer operating a cryptocurrency launchpad. The United States accounts for 20% of the attacks, followed by Russia (15%), Turkey and France (5% each).

The countries most affected by the Mantis botnet. Source: Cloudflare

We do not yet know the origin of Mantis, and its motivations can be many: disrupting traffic, spam campaigns to defraud customers, infecting computers to divert their use… Last month, the FBI managed to take down a criminal network open to anyone. For 30 dollars per day (about 28.50 euros), criminals could access 2,000 proxies. Cybercrime is becoming more democratic.

Source: Nino Barbey for Numerama
