The internet infrastructure firm Cloudflare has released an advisory about a powerful botnet dubbed Mantis. The botnet was behind the largest-ever HTTPS-based distributed-denial-of-service (DDoS) attack in June 2022 and has targeted around 1,000 customers in the past few weeks.
Cloudflare explained that its security team mitigated the record-breaking DDoS attack last month that reached a peak of 15.3 million requests-per-second (rps). The Mantis botnet utilizes a small fleet of bots (more than 5,000) to disrupt businesses.
Interestingly, these HTTPS-based DDoS attacks require more computing power due to the higher cost of establishing a secure TLS connection over the internet. It’s one of the reasons that the botnet uses virtual machines (VMs) and servers to launch the attack rather than relying on home gateways and Internet of Things (IoT) devices.
“Mantis is the next evolution of the Meris botnet. The Meris botnet relied on MikroTik devices, but Mantis has branched out to include a variety of VM platforms and supports running various HTTP proxies to launch attacks. The name Mantis was chosen to be similar to “Meris” to reflect its origin, and also because this evolution hits hard and fast,” Cloudflare said.
How to prevent Mantis and other DDoS attacks
As reported by Cloudflare researchers, the Mantis botnet has successfully compromised 36 percent of customers in the internet and telecommunications sector. It has also targeted 15 percent of news organizations, followed by games publishers and finance firms (around 12 percent).
Additionally, Cloudflare notes that more than 20 percent of victims are based in the United States, and over 15 percent of the DDoS attacks targeted Russian companies. Other common targets include the UK, France, Canada, Turkey, China, Poland, Ukraine, China, and other countries.
Cyber attacks on small businesses and large organizations are becoming more frequent and targeted amid Russia’s invasion of Ukraine. Cloudflare has detailed some preventive strategies and a step-by-step guide on responding to DDoS attacks, and you can find more details on this support page.