Russian Internet firm Yandex has been fighting a DDoS attack all summer, which has reached a peak attack rate of 21.8 million requests per second, powered by a quarter of a million rogue routers that form the Meris botnet.

According to security firm Qrator Labs which provides DDoS protection for Yandex, up to 56,000 devices are used in the attack at any one time, with up to 250,000 included in the entire botnet.

The Meris botnet (Meris is Latvian for plague) was also responsible for the previous record DDoS attacked which hit 17m requests per second and was mitigated by Cloudflare back in July this year.

What is a DDoS Attack?

A Denial of Service attack happens when a threat actor stops a service or website from working correctly.  This could be done either by forcing the website to crash by exploiting a known vulnerability in the operating system or web application or by over-whelming the infrastructure with rogue internet traffic – preventing legitimate traffic from being processed.  The motivation for the attack could be simple vandalism or a type of extortion – pay us and we will stop the attack.

A Distributed Denial of Service (DDos) attack happens when the threat actor uses a large number of devices under their control (often called a botnet) to send the rogue traffic to the target site in order to overwhelm it and knock it offline. The Meris botnet is largely comprised of routers manufactured by MicroTik, which were compromised due to a firmware bug that has since been patched.

Because of the huge volumes of data involved in a DDoS attack, few organisations have an infrastructure robust enough to defend themselves and instead make use of internet security firms that specialise is DDoS protection. These firms build out a large infrastructure and share the cost across many clients in order to provide them all with protection against DDoS attacks.