Mantis Botnet Behind Record Cloudflare DDoS Attacks

A botnet known as Mantis has been identified as the source of record-setting attacks that targeted Cloudflare customers.

Cloudflare recently disclosed that it mitigated a DDoS attack peaking at 26 million requests per second. This followed an earlier incident in which Cloudflare defended against a 15.3 million requests-per-second attack.

Investigations have now tied both of those large-scale incidents to the Mantis botnet.

In these events, the majority of attack traffic originated from Indonesia, with significant contributions from Brazil, Russia, and India. Over the past month alone, Cloudflare observed more than 3,000 HTTP DDoS attempts directed at its customers.

Unlike many prior record-breaking DDoS campaigns that leveraged vast numbers of weak IoT devices, these more recent attacks increased their potency by compromising substantially more powerful infrastructure.

Cloudflare’s Omer Yoachimik explained that last month’s attack “originated mostly from cloud service providers as opposed to residential internet service providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack—as opposed to much weaker Internet of Things devices.”

In one incident against an unnamed customer, the botnet generated more than 212 million HTTPS requests from over 1,500 networks across 121 countries in under 30 seconds.
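As an added example (not Cloudflare's code and not from this article), the following Python sketch shows the kind of triage a defender could run over web access logs to surface the pattern described above: a per-second request rate combined with the share of requests arriving from hosting/cloud networks rather than residential ISPs. The log format, IP addresses and network classification are constructed for illustration.

```python
from collections import Counter

# Constructed sample access-log lines: "<epoch_second> <client_ip> <path>".
# A real flood would show millions of lines per second; this handful only
# exercises the logic.
SAMPLE_LOG = """\
1000 203.0.113.10 /api/v1/items
1000 203.0.113.10 /api/v1/items
1000 198.51.100.7 /api/v1/items
1000 192.0.2.44 /
1001 203.0.113.10 /api/v1/items
1001 198.51.100.7 /api/v1/items
1001 198.51.100.7 /api/v1/items
1001 192.0.2.99 /login
1002 192.0.2.99 /
"""

# Hypothetical IP-to-network-type mapping. In practice this comes from an
# ASN/prefix intelligence feed; these assignments are constructed.
NETWORK_TYPE = {
    "203.0.113.10": "hosting",
    "198.51.100.7": "hosting",
    "192.0.2.44": "residential",
    "192.0.2.99": "residential",
}

def parse_log(text):
    """Yield (second, ip, path) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, path = line.split()
        yield int(ts), ip, path

def per_second_profile(records):
    """Return {second: (request_count, share_from_hosting_networks)}."""
    counts, hosting = Counter(), Counter()
    for sec, ip, _ in records:
        counts[sec] += 1
        if NETWORK_TYPE.get(ip, "unknown") == "hosting":
            hosting[sec] += 1
    return {s: (counts[s], hosting[s] / counts[s]) for s in counts}

def flag_flood_seconds(text, rps_threshold, hosting_share=0.5):
    """Seconds whose request rate reaches the threshold and whose traffic is
    dominated by hosting/cloud networks rather than residential ISPs."""
    profile = per_second_profile(parse_log(text))
    return sorted(s for s, (n, share) in profile.items()
                  if n >= rps_threshold and share >= hosting_share)
```

On the constructed sample, `flag_flood_seconds(SAMPLE_LOG, rps_threshold=3)` returns `[1000, 1001]`; the thresholds would be tuned to a real site's baseline.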

The industries most frequently targeted by the Mantis botnet include large commercial sectors and internet-facing services that depend on high-availability infrastructure. These attacks focus on organizations that rely on public-facing web services and APIs, where volume-based HTTP floods can create significant disruption.

Geographically, more than 20 percent of the attacks were directed at companies in the United States, followed by more than 15 percent aimed at Russian organizations. Other affected countries, each representing under five percent of observed attacks, included Turkey, France, Poland, Ukraine, and the United Kingdom.

Cloudflare named the botnet “Mantis” as an analogy to the mantis shrimp: a relatively small animal with a disproportionately powerful strike. Although mantis shrimps are typically under 10 cm long, their raptorial appendages can produce shock waves with forces on the order of 1,500 Newtons and strike at speeds approaching 83 km/h from a standstill.

“The Mantis botnet operates a small fleet of approximately 5,000 bots, but with them can generate a massive force — responsible for the largest HTTP DDoS attacks we have ever observed,” Yoachimik said.

