[BreachExchange] Russian Internet Giant Yandex Targeted by Massive DDoS Attack

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Sep 10 08:32:00 EDT 2021


https://heimdalsecurity.com/blog/russian-internet-giant-yandex-targeted-by-massive-ddos-attack/

The largest DDoS attack in the history of the Russian Internet was carried
out on Yandex's servers last weekend. The record scale of the cyberattack
was confirmed by the American company Cloudflare.

Without providing additional details, a Yandex spokesman confirmed the
attack to the Russian publication Vedomosti:

"Yandex did indeed undergo a DDoS attack, which was reflected by our
network infrastructure and the system for filtering unwanted requests. The
attack did not affect the operation of the services, user data was not
affected."

The Russian segment of the Internet, the RuNet, was created to function
independently of the worldwide web. The RuNet Law aims to allow the Russian
authorities to control data traffic and restrict access to the global
Internet from Russia in case of foreign threats.

Vedomosti says that its sources declined to provide more information on the
attack because of an ongoing internal audit, but noted that the incident
represents “a threat to infrastructure on a national scale.”

According to Alexander Lyamin, CEO of Qrator Labs, an increase in the
number of DDoS attacks on companies from various sectors of the economy was
observed in August and September 2021 – from small businesses to the
largest corporations. Lyamin notes:

"The victims of these attacks are different, but the perpetrator,
apparently, is the same, and he operates a botnet that has recently
appeared in the industry. Some industry players have already announced that
the Mirai botnet, which made a splash five years ago and was built on the
basis of video cameras, has returned. Having devoted the last few weeks to
studying the new botnet, we can say that a completely new botnet has
appeared and it is built on the network equipment of a very popular vendor
from the Baltic States. It spreads through a vulnerability in firmware and
already numbers up to hundreds of thousands of infected devices."

The activity of this new botnet is observed not only in Russia but also in
Europe, the USA, India, the Middle East, the APAC region, and Latin America.
Lyamin notes: “the whole world and the damage from them have already
reached the level of billions of rubles.”

As my colleague Elena explained, DDoS stands for Distributed Denial of
Service and refers to an online attack in which legitimate users are
prevented from accessing their target online location. This is usually done
by flooding that particular site with a multitude of illegitimate
information requests.

In terms of the number of requests per second, the botnet discovered by
Qrator Labs sets absolute records, developing amazing speeds – tens of
millions of requests per second, which exceeds the speed of ordinary
attacks of past years by two orders of magnitude.

According to the "Distribution of DDoS attacks in Russia in 2020" report,
the main targets of DDoS attacks in Russia are entertainment companies
(40.76% of incidents), telecommunications companies (29.27%), online retail
(11.94%), construction (6%), financial institutions (4.56%), education
(3.61%), and service organizations (2.68%).