Rejected one of the biggest DDoS attacks: the victim is Yandex

Russian tech giant Yandex said it was hit by the largest distributed denial of service (DDoS) attack on record during the months of August and September. The wave of "junk" traffic, intended to overwhelm systems with an exorbitant number of requests and bring them down, peaked on September 5, but Yandex managed to defend itself successfully against all the attacks it received. But how high did the peak go?

Just a few weeks before the incident, Cloudflare announced that it had handled another distributed denial of service attack of 17.2 million requests per second, which is apparently three times the value reached by the previous record. What values did the attack on Yandex reach?

“Our experts managed to fend off a record attack of nearly 22 million requests per second. This is the largest known attack in the history of the Internet.”

Yandex: a DDoS attack of 22 million requests per second

There is more of interest about the attack in question. It took place through RuNet, the Russian segment of the Internet, created to function independently of the worldwide web. Its purpose is to keep the national unified communications infrastructure running in the event of a cyber attack by a foreign adversary.


Apparently no services offered by Yandex were interrupted. The defense was carried out in partnership with Qrator Labs, which provides its customers with a DDoS protection service for cloud resources. Insider sources refuse to provide further information on the attack because of an ongoing audit, but noted that the incident poses "a threat to infrastructure nationwide."

A new botnet is the origin of the DDoS attack

The attack was carried out by a new botnet, which has been given the name Mēris. It draws its power from tens of thousands of compromised devices, which researchers believe to be primarily powerful networking equipment.

Researchers think that about 250,000 compromised devices belong to the botnet, but the attack on the Russian company's servers was carried out by about 56,000 hosts. This difference between the attacking strength and the total number of infected hosts that make up Mēris is explained by the fact that administrators normally don't want to show off the full power of their botnet in one fell swoop.

Botnet Meris. Credits: habr

The botnet's attacks on Yandex unfolded as follows (where RPS stands for "requests per second"):

  • 2021-08-07 – 5.2 million RPS
  • 2021-08-09 – 6.5 million RPS
  • 2021-08-29 – 9.6 million RPS
  • 2021-08-31 – 10.9 million RPS
  • 2021-09-05 – 21.8 million RPS

DDoS attacks getting bigger and more frequent

The online threat landscape continues to evolve at an accelerating pace, with an unstoppable increase in DDoS attacks, new targets and new botnets. 2020 in particular (the year of Covid-19) turned out to be a busy year for cybercriminals, with widespread botnet activity and some of the largest DDoS attacks ever recorded.

A DDoS attack of one gigabit per second is enough to disrupt most Internet services, but in recent years we have been seeing attacks spike to over one terabit per second, generated by hundreds of thousands or even millions of devices.

The article "Rejected one of the biggest DDoS attacks: victim is Yandex" comes from Tech CuE | Close-up Engineering.