Content distribution network (CDN) firm Cloudflare says the botnet behind the biggest distributed denial of service (DDoS) attacks it has recorded has targeted nearly 1,000 of its customers in the past few weeks.
"Similarly, the Mantis botnet operates a small fleet of approximately 5,000 bots, but with them can generate a massive force – responsible for the largest HTTP DDoS attacks we have ever observed," Cloudflare said.
HTTPS DDoS attacks are more computationally expensive for the attacker and victim due to the cost of establishing an encrypted transport layer security (TLS) connection over the internet, according to Cloudflare.
"Mantis has branched out to include a variety of VM platforms and supports running various HTTP proxies to launch attacks," Cloudflare notes.
"The name Mantis was chosen to be similar to "Meris" to reflect its origin, and also because this evolution hits hard and fast. Over the past few weeks, Mantis has been especially active directing its strengths towards almost 1,000 Cloudflare customers."
In the past month, Mantis has launched over 3,000 HTTP DDoS attacks against Cloudflare customers, with 36% of the attacks targeting customers in the internet and telco sector. Other common targets were news organizations and games publishers, but it also targeted websites of organizations in finance, e-commerce and gambling.
Over 20% of the attacks targeted US organizations and over 15% of attacks targeted Russia-based organizations. Other nations targeted but counting for lower than 5% of attacks include Turkey, France, Poland, Ukraine, the UK, Germany, Netherlands, Canada, Vietnam, Cyprus, China, Hong Kong, Brazil, Sweden, Latvia, India and Philippines.