The record-breaking distributed denial-of-service (DDoS) attack that Cloudflare mitigated last month originated from a new botnet called Mantis, which is currently described as “the most powerful botnet to date.”
The attack peaked at 26 million requests per second that came from 5,067 devices. The previous record was held by Mēris botnet, which launched an attack that spiked at 21.8 million requests per second.
DDoS mitigation company Cloudflare, has been tracking Mantis botnet attacks against one thousands of its customers.
Not your ordinary botnet
Cloudflare explains in a report today that its analysts named the botnet Mantis after the Mantis Shrimp that can deliver devastating blows with its claws while being roughly 10 cm (4 inches) long. Similarly, the botnet is extremely powerful despite relying on a small number of devices.
Typical botnets need to compromise a large number of connected devices to accumulate sufficient firepower to deliver disrupting attacks against protected targets.
Mantis targets focuses on servers and virtual machines, which come with significantly more resources.
Generating many HTTPS requests is a resource-demanding process, so the more powerful the devices that constitute the botnet swarm, the more potent the DDoS attacks they can launch.
The previous record holder, Mēris, achieved particularly strong attacks by recruiting MikroTik devices, which feature powerful hardware.
Mantis targets entities in the IT and telecom (36%), news, media, and publications (15%), finance (10%), and gaming (12%) sectors. Over the past 30 days, Mantis launched 3,000 DDoS attacks against almost a thousand Cloudflare customers, the company notes.
Most of the targets are organizations in the United States (20%) and the Russian Federation (15%), while victims in Turkey, France, Poland, Ukraine, the UK, Germany, Netherlands, and Canada account for percentages between 2.5% and 5%.