What is Meris?
The Meris botnet is a type of malware that hijacks computers and networks to send spam, phishing messages, and other types of email. The botnet consists of infected computers that send out a large number of emails. It is an attack that uses everyday devices such as webcams and DVRs to compromise networks. The new Meris botnet was recently discovered and is actively distributing misinformation. Meris means “plague” in the Latvian language. Qrator first detected the attack in late June 2021 as a result of its joint research with Yandex. Their early findings identified 30,000 to 56,000 bots on affected sites, but they estimate that the numbers are actually much higher and now sit somewhere in the ballpark of 250,000 bots. The new Meris botnet uses a compromised version of the open source router software DD-WRT to hijack networks. DD-WRT was originally developed by the wireless distribution company Buffalo Technology and has been included in numerous products like Linksys, Netgear and Asus routers. However, many of these products that lack secure updates have become vulnerable to it.
What did MikroTik say?
MikroTik is a Latvia-based company that produces networking devices. Their extensive range of routers and wireless radios are the backbone of most WISPs (wireless internet service providers). The company’s prices are really competitive and their routers have so many features that they’re able to perform virtually any routing task. Their easy-to-use, powerful hotspot features are powering several public hotspots around the world.
In September 2021, MikroTik published a statement: “As it has been observed, these attacks only target MikroTik routers that are vulnerable and have since been patched. Unfortunately, closing the vulnerability does not immediately protect users of these devices. If somebody stole your password in 2018, just an upgrade on your system won’t help. You must also change your password, re-check if your firewall doesn’t allow remote access to unknown parties, and remove scripts you didn’t create.”
Also in October 2021, MikroTik published another statement: “To ensure the safety of all users, they have decided to provide the option for router owners to opt-in for remote assistance and remote firmware update, which will allow our engineers to diagnose and solve issues related with routers remotely. This is an optional service that does not require users’ passwords or confirmation.”
Why is Meris more powerful than Mirai?
The Meris botnet is one of the largest DDoS botnets. It delivers its punch in Requests Per Second (RPS), rather than gigabytes per second (Gbps), inundating a target server with requests that greatly exceed its CPU and memory resource capacity. According to Cybernews, the Meris botnet is made up of professional networking equipment. The make-up of the botnet means that the perpetrators behind it have access to a lot more processing power and higher speeds, which allows them to launch one attack after another. A botnet with this much power would be able to launch a DDoS attack with terabit-sized volume. Security experts have reason to worry that the recent Meris botnet attacks have been test-drives, representing only a fraction of the botnet’s potential.
We recommend updating your network device firmware and changing your passwords so you can be safe online, regardless of what device you use or whether any vulnerabilities have been disclosed through the media. However, as an organization that would suffer significant impact from a DDoS attack facilitated by Meris, or any other attack tool, you can’t rely on others to be so diligent. For that reason, the only way to protect your business against the harmful effects of DDoS is to use a solution that can automatically detect and stop them. This can be accomplished by installing a defense system, such as Meris, which will notify you before an attack occurs and take action to stop it.
How Does it Work?
To execute volumetric attacks, the botnet uses HTTP pipelining, which can send multiple requests over a single connection. This maximizes its overall attack bandwidth. The botnet also uses open SOCKS proxies to change the source of its attack traffic. This paper explores the use of volumetric attacks by botnets and discusses the use of HTTP pipelining, which maximizes the attack bandwidth. It also discusses how the open SOCKS protocol can be used to increase an infected computer’s available resources and give it more control over an infected computer.
A volumetric attack is an attack where the attacker sends many, usually hundreds of, simultaneous requests to a server or other computer system. The goal of a volumetric attack is either to quickly overwhelm the target system so it cannot process these requests, or to effectively bombard the target with many requests in order to consume its resources.
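The pipelining behaviour described above is visible on the server side as several complete requests already queued on one connection before any response has been written. The following detection sketch is an added example, not code from the original page; the connection ids, the sample byte strings, the `max_depth` threshold and the function names are all constructed for illustration, and it assumes request bodies are delimited by `Content-Length`.

```python
"""Added example: flag HTTP/1.x connections with deep request pipelining."""

# Constructed sample: client-to-server bytes read from each TCP connection
# before the server had written any response (ids and hosts are made up).
SAMPLE_READS = {
    "conn-1": b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "conn-2": b"".join(
        b"GET /search?q=%d HTTP/1.1\r\nHost: shop.example\r\n\r\n" % i
        for i in range(8)
    ),
    "conn-3": (
        b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
        b"Content-Length: 9\r\n\r\nuser=test"
        b"GET /account HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    ),
    "conn-4": b"GET /a HTTP/1.1\r\nHost: shop.example\r\n\r\nGET /b HTTP/1.1\r\nHo",
}

METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}


def count_pipelined_requests(buf: bytes) -> int:
    """Count complete HTTP/1.x requests queued in one unread buffer."""
    count, pos = 0, 0
    while True:
        end = buf.find(b"\r\n\r\n", pos)
        if end == -1:
            return count  # a trailing partial request is not counted
        head = buf[pos:end].split(b"\r\n")
        parts = head[0].split(b" ")
        if (len(parts) != 3 or parts[0] not in METHODS
                or not parts[2].startswith(b"HTTP/1.")):
            return count  # not an HTTP request line; stop rather than guess
        body_len = 0
        for line in head[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length" and value.strip().isdigit():
                body_len = int(value.strip())
        pos = end + 4 + body_len  # skip header terminator and declared body
        if pos > len(buf):
            return count  # body not fully received yet
        count += 1


def flag_connections(reads: dict, max_depth: int = 4) -> list:
    """Return ids of connections whose pipelining depth exceeds max_depth."""
    return sorted(cid for cid, buf in reads.items()
                  if count_pipelined_requests(buf) > max_depth)
```

Because the count is per connection rather than per byte, it tracks the requests-per-second pressure the article describes even when the traffic volume in bits is small.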
Main target of Meris DDoS Botnet
Meris mainly targets banks, financial services, and insurance companies, where the aim of the Meris DDoS botnet is to take down the internet and prevent people from accessing it. The botnet was created by a hacking group that calls themselves “The Shadow Brokers”. These cybercriminals want to bring down the web as a form of revenge because they believe that the internet has been weaponized against them. Here DDoS botnets send massive amounts of traffic to a targeted website by exploiting weaknesses in computer networks and then shutting down their services. They use the UDP protocol with a spoofed IP address, which exhausts the target web server’s resources and makes it crash. The Meris DDoS botnet is like a one-stop shop for hackers that can easily be bought on the dark web for about $1,000. It is a versatile tool that has been used to launch DDoS attacks with the following tools: DDoS attack tools, IP spoofing tool, credential theft tools, and VPN tunneling tool.
Lectron protects against Meris DDoS attacks
Lectron’s DDoS protection systems activate and protect you against any type of Meris DDoS attack, including Meris and Mirai. These systems are also customizable. You can control your DDoS protection settings in the Lectron Dashboard.