Yandex hit by the largest cyber attack in Runet’s in history
The largest Russian internet company, Yandex, was hit by a major denial-of-service (DDoS) attack. The incident is likely among the largest in history.
Reuters reports that the massive nature of the attack was confirmed by an American cybersecurity firm Cloudflare. The Russian tech giant claims that the attack has begun in August and reached a record level on September 5. Initial statements alluded to the attack continuing until this day
“Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet,” Yandex said in a statement.
The company claims it had seen 5.2 million RPS on Aug. 7, 6.5 million RPS on Aug. 9, 9.6 million RPS on Aug. 29, 10.9 million RPS on Aug. 31 and finally 21.8 million RPS on Sept. 5.
Record holders for the largest DDoS attack seem to change quite fast. Three weeks ago Cloudflare reported that detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, largest at the time.
On Wednesday, Yandex spokesman told Reuters that the attack did not affect services and user data.
“Yandex did indeed undergo a DDoS attack, which was reflected by our network infrastructure and the system for filtering unwanted requests,” a Yandex spokesman confirmed to Reuters.
According to Vedomosti, the attack was largest in RuNet’s. RuNet was created to function independently of the worldwide web and provide communication infrastructure in case of a cyber-attack from a foreign adversary against Russia.
There are few details about the attack itself and how threat actors carried it out. However, Yandex insiders told the Russian media outlet that the company considers the attack a threat to infrastructure on a national scale.
A DDoS caused internet outages in New Zealand last week when the country’s third-largest internet service provider was hit. The attack cut off around 15% of the country’s broadband customers from the internet at one point.
Recent reports show that 2021 will be yet another record year for the number of DDoS attacks carried out. Threat actors launched approximately 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020.
During DDoS attacks, vast numbers of “bots” attack target computers. Hence, many entities are attacking a target, which explains the “distributed” part. The bots are infected computers spread across multiple locations. There isn’t a single host. You may be hosting a bot right now and not even know it.
When DDoS attackers direct their bots against a specific target, it has some pretty unpleasant effects. Most importantly, a DDoS attack aims to trigger a “denial of service” response for people using the target system.
This takes the target network offline. If you’ve repeatedly struggled to access a retail website, you may well have encountered a denial of service. And it can take hours or days to recover from.