Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Mantis botnet powered the largest HTTPS DDoS attack in June

The largest HTTPS DDoS attack recently mitigated by Cloudflare was launched by the Mantis botnet. In June 2022, DDoS mitigation firm Cloudflare announced it has mitigated the largest HTTPS DDoS attack that was launched by a botnet they have called Mantis. The Mantis botnet generated 26 million request per second using approximately 5000 hijacked virtual […]

Mantis botnet

The largest HTTPS DDoS attack recently mitigated by Cloudflare was launched by the Mantis botnet.

In June 2022, DDoS mitigation firm Cloudflare announced it has mitigated the largest HTTPS DDoS attack that was launched by a botnet they have called Mantis.

The Mantis botnet generated 26 million request per second using approximately 5000 hijacked virtual machines and powerful servers.

Mantis botnet

“The Mantis botnet was able to generate the 26M HTTPS requests per second attack using only 5,000 bots. I’ll repeat that: 26 million HTTPS requests per second using only 5,000 bots. That’s an average of 5,200 HTTPS rps per bot. Generating 26M HTTP requests is hard enough to do without the extra overhead of establishing a secure connection, but Mantis did it over HTTPS.” reads a report published by Cloudflare.

Experts consider Mantis as the evolution of the Meris botnet, which is composed of MikroTik devices, but Mantis includes a variety of VM platforms and supports running various HTTP proxies to perform the attacks. 

Cloudflare reported that the Mantis was involved in attacks against one thousand of its customers. Over the past month, Mantis was used to launch over 3,000 HTTP DDoS attacks against Cloudflare customers.

Most of the Mantis attacks targeted organizations in the Internet & Telecommunications industry (36%), followed by News, Media & Publishing industry (15%), Gaming (12%), and Finance (10%).

Most of the targeted organizations are located in the US (20%), followed by Russia-based companies (15%), while less than five percent included Turkey, France, Poland, Ukraine, and more.

Mantis is considered by the experts the most powerful botnet to date, for this reason, it will be likely convolved in many other attacks in the next months.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Mantis)

[adrotate banner=”5″]

[adrotate banner=”13″]