The Mantis botnet launched 3,000 DDoS attacks in one month using only 5,000 small bots, after which Cloudflare dubbed it “the most powerful botnet to date.”

According to the content distribution network Cloudflare, a botnet named after a small shrimp is so powerful that it has launched the biggest-ever DDoS attacks. Dubbed Mantis, the botnet has thus far targeted around 1,000 Cloudflare customers within the past few weeks.

The company revealed that it thwarted a brief but record-shattering DDoS attack peaking at 26 million rps (requests per second) in June. Ever since that attack, the internet infrastructure company has been tracking Mantis.

If you wonder why Cloudflare named it after the laser-legged Mantis, the company revealed that the botnet is similar to Meris; the name therefore reflects its origin and its capability to hit hard and fast.

Mantis Doesn’t Use IoTs

Cloudflare explained in its blog post that the Mantis botnet comprises nearly five thousand compromised machines. It mainly hijacks virtual servers and machines hosted by cloud firms instead of using low-bandwidth IoT devices like routers and DVRs.

It is worth noting that the Meris botnet used IoT devices, including hijacked MikroTik routers, to attack popular websites. The botnet was also behind the massive DDoS attack on Yandex, a popular Russian search engine and technology firm.

In the same manner, the Mantis botnet operates through a “small fleet of” bots that can quickly generate massive force and launch large-scale HTTP DDoS attacks, which are actually more “computationally expensive” because the attacker has to establish an encrypted Transport Layer Security (TLS) connection. Thus, it seems like the beginning of the next phase in the Meris botnet's evolution.

“Mantis has branched out to include a variety of VM platforms and supports running various HTTP proxies to launch attacks.”

Cloudflare

Targets of Mantis Botnet

Cloudflare reported that in June, the Mantis botnet launched more than 3,000 HTTP DDoS attacks, and 36% of these attacks were targeted against the telco and internet sectors, game publishers, and news organizations. Additionally, it targeted French organizations’ websites, gambling sites, and e-commerce platforms.

Figure: Industry targeted by the Mantis botnet

Furthermore, nearly 20% of Mantis botnet targets were organizations in the US, and 15% were Russian organizations. Around 5% of the targets were identified in:

  1. India
  2. China
  3. Brazil
  4. Latvia
  5. Turkey
  6. France
  7. Poland
  8. Ukraine
  9. Cyprus
  10. Canada
  11. Sweden
  12. Vietnam
  13. Germany
  14. Philippines
  15. Hong Kong
  16. Netherlands
  17. United Kingdom

Mantis vs Mirai

Mired in controversy, the Mirai botnet has made headlines time and again. The Mirai botnet was introduced to the world after its first-ever attack harnessed over 100,000 devices to launch a massive DDoS against Dyn, a company that provides DNS services. The DDoS attack on Dyn was the largest DDoS attack on record at that time, clocking in at 1.2 Tbps.

However, the Mantis botnet is different from Mirai in that it relies on vulnerabilities in routers and other connected devices rather than hijacked IoT devices. This makes it more difficult to defend against, as there are many more potential targets.

Even so, Cloudflare was able to identify and block malicious traffic before it reached its targets. This successful defense against the Mantis botnet shows that companies are beginning to learn from the Mirai attack and are taking steps to protect themselves.
