Russian software giant Yandex confirmed at the end of last week that it succeeded in repelling a distributed denial-of-service (DDoS) attack that took place last month and at the beginning of this month, claiming that it was the biggest attack of its kind in history. One of the products marketed by the company is a service for protection against such attacks.
According to an official statement by the company, the attack – in which the malicious actors tried to flood the computer system with unusually high volumes of traffic so that it would not be able to cope with the scale of data – started in August and reached a record level last week on September 5.
"Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet," Yandex said. It also provided a breakdown of the statistics: 5.3 million RPS on August 7, 9.6 million RPS on August 29, and 21.8 million RPS on Sept. 5.
The company estimates that it was attacked by more than 200,000 bots working as part of a network, which has been named "Meris" (meaning "plague" in Latvian) because, the company claims, the botnet operates via compromised devices of Latvian communication equipment company MikroTik. In the last few weeks, there have been devastating DDoS attacks in New Zealand, the U.S. and Russia, all attributed to the Meris botnet, the company's statement said.
The botnet was spotted for the first time in June. In August, network infrastructure company Cloudfare announced that it had repelled a DDoS attack by Meris that reached 17.2 million RPS – almost three times larger than the largest attack it was aware of, according to the company. On Friday, popular cybersecurity blog Krebs on Security reported that it too had been attacked by the botnet.