Beware the Mantis – The Largest HTTPS DDoS Attack Confirmed

2022 has shown to be the year of the biggest cyberattacks ever. A couple of weeks ago, we witnessed what may be referred to as the most significant data breach ever impacting China. However, before that came the largest HTTPS distributed denial-of-service (DDoS) attack that targeted over 1,000 Cloudflare customers.

Cybercriminals are out there in search of revenue and, of course, reputation. If their attack gets labeled as the biggest in any department, they’ve guaranteed a spot at the top.

The Cloudflare botnet attack was a mystery. All we knew was a few details about the victims and the way of operation. But who was behind it? How can the threat actors commit such a large-scale campaign? We’ll answer these below.

The Mantis Strikes – Small, But Powerful

We’ve seen small operations pull off big cyberattacks in the past few months. A couple of days ago, a new group that goes by the name of Luna Moth (Which emerged in March 2022) breached organizations with phishing attacks using fake subscription renewals.

Back in June, Cloudfare saw its largest attack on record yet. They called it Mantis, due to its small size but big impact. The name comes from Mantis shrimps – creatures that are very small; less than 10 cm in length.

However, regardless of their size, mantis shrimps can generate a shock wave with a force of 1,500 Newtons with their claws. How does this resemble the botnet operation?

Well, Mantis has a small fleet of approximately 5,000 bots. But despite the small number (When it comes to bots), the operation can do a lot of harm and that was clear when it performed attacks against almost a thousand Cloudflare customers.

Target Acquired!

Not only that, but these 5000 bots were able to generate 26M HTTPS requests per second, talk about a huge impact. The botnet had a couple of targets in mind, including internet and telecom, finance, business, media, gaming, and shopping.

Apparently, the operators behind Mantis focused on certain regions. In fact, 20% of the attacks targeted U.S.-based companies and the rest included Russia, Turkey, the UK, and more. You can see the full analysis in the image below.

The largest attack we speak of was discovered last month by Cloudflare. Mantis targeted an unnamed customer website using its Free plan.

We all know what happened next – 26 million requests per second (RPS), with each node generating approximately 5,200 RPS.

According to Cloudflare’s Omer Yoachimik:

“The attack “originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things (IoT) devices.”

The Mantis botnet will definitely pose a huge problem to anyone, regardless if it’s a company or a single individual. The threat is apparently here to stay and is definitely a serious challenge for the internet community.

Mantis Botnet – A Serious Preying Parasite

Mantis might be new, but as we mentioned, it’s definitely effective. If Cloudflare is declaring this attack as the largest DDoS attack it’s ever encountered, things are going to be a lot more drastic in the near future.

Such attacks are rarely aimed at single individuals, but still, you should always be careful. Don’t over-expose yourself online, you never know who’s watching.