Take a fresh look at your lifestyle.

This is Meris, a new botnet that has managed to beat the record for the largest DDoS attack in history twice

A new botnet called Meris it is wreaking havoc in various countries around the world. With an army of around 250,000 devices, it has managed to break the record for the largest DDoS attack by volume this summer, twice. Meris is attacking in a way never seen before, achieving knock out some of the most robust servers thanks to the huge number of requests per second that it manages to send.


The The main countries where it has attacked in recent weeks are Russia, the United Kingdom, the United States and New Zealand. In Russia, it has gone after the servers of financial institutions, managing according to Yandex to carry out the largest DDoS attack to date with a maximum of 21.8 million requests per second. In other countries such as New Zealand, access to the main banks of the country has been blocked for three days.

A “new kind of botnet”

This is how Qrator Labs, a Russian DDoS attack mitigation service, has described it. They say Meris “can overwhelm almost any infrastructure, including some highly robust networks. All of this is due to the sheer power of RPS it brings with it.” What they refer to by RPS is the requests per second that the botnet makes. It is one of the main ways to measure the size of an attack, the other important is according to the amount of data requested per second.

C62aee15ff71939025d77951f8b78701

Attacks are generally carried out by amount of data that is requested per second, it is relatively rare to see attacks where the number of requests per second predominates. In addition to this, it seems to have a particularly high RPS amount, hence it is considered a “new type of botnet”.

Remember that DDoS attacks consist mainly of saturating the servers based on requests so that the server crashes. It is relatively “harmless” as the security of the data itself is not compromised (it can happen later using other techniques). From there, what attackers usually do is ask victims for money to stop attacking them and throw their servers to the ground.

What is a DDoS attack and how it can affect you

In June of this year, it broke the record for the first time with 17.2 million requests per second. An attack that Cloudflare claimed to have successfully mitigated. Is now Yandex who claims to have survived Meris’ second record, where requests rose to 21.8 millions last September 5. Meanwhile, the largest data volume attack was in the summer of last year, when Amazon’s AWS reported one of 2.3 Tbps.

Vía | Bleeping Computer