Russian Web Portal Yandex Hit by DDoS Attack

Russian website Yandex, serving as a universal portal that offers all sorts of web services, from a search engine, to email and news, reported an unusually big distributed denial of service attack targeting it.

Distributed denial of service or DDoS attacks involve threat actors flooding a website with requests or traffic, to the point where the site becomes unresponsive because it cannot handle the amount of requests and data throughput.

According to reports, the attack that targeted Yandex was orchestrated by the people running the Meris botnet. In Yandex's own report, the company stated that the DDoS attack targeting it was the biggest one in recorder history, with the attackers hammering Yandex with over 21 million requests each second.

Threatpost quoted security firm Qrator Labs who stated that the attack was carried out using hijacked networking equipment manufactured by Latvian company MikroTik. The hackers used an old bug that was still unpatched on tens of thousands of MikroTik devices. Reportedly, over 55 thousand devices were used to slam Yandex with requests.

Qrator confirmed that the attack on Yandex did indeed trump the previous largest reported DDoS attack that took place a little earlier this year and involved just over 17 million requests each second. The same Meris botnet was believed to be behind the previous large-volume DDoS attack as well.

Somewhat worryingly, the bug that the botnet operators abused to launch this massive attack on Yandex abused a bug that was documented and patched out years ago. This only serves as yet another warning in a long string of past attacks using old, unpatched vulnerabilities that there are an awful lot of devices out there that are not properly taken care of.

In cases like this, we are not talking about somebody's home router, but about industrial-grade gear that can be abused in much more dangerous ways, as the attack on Yandex proves.