Last weekend, Yandex's servers were hit by the largest DDoS attack in the history of the Runet. The record scale of the cyberattack was confirmed by the American company Cloudflare, which specializes in repelling cyberattacks and cooperates with Yandex.
The company barely managed to repel the DDoS attack, which continues this week. At the same time, Yandex did not disclose the specifics of the cyberattack, citing an internal audit.
"We are conducting an investigation. We are talking about a threat to infrastructure on a national scale," the source said. He could not say whether the representatives of Yandex had filed a statement with the police or the FSB.
As the representative of Yandex emphasized, despite the power of the DDoS attack and the complexity of repelling it, the attack did not affect the operation of services or compromise the safety of the company's user data.
Alexander Lyamin, CEO of Qrator Labs, said that in August and September 2021 there has been an increase in the number of DDoS attacks on companies from various sectors of the economy, from small businesses to the largest corporations.
"The Mirai botnet, which made a sensation five years ago and was built on the basis of video cameras, has returned to us. Having spent the last few weeks studying the new botnet, we can say that a completely new botnet has appeared, and it is built on the network equipment of a very popular vendor from the Baltic States. It spreads through a vulnerability in the firmware and already counts up to hundreds of thousands of infected devices," Mr. Lyamin noted.
In recent days, several massive DDoS attacks on Russian companies have been reported.
Earlier, E Hacking News reported that the largest banks in Russia were subjected to a large-scale DDoS attack. They experienced problems with payments and card services for some time.
On September 3, a failure in the operation of the social network Vkontakte was reported. According to Downdetector, complaints about problems with access to the social network began on the evening of September 2.
A new large-scale DDoS attack carried out late in the evening on September 2 led to system failures at major banks and made some of their services unavailable. As a result, a number of large banks experienced problems with payments and card services for some time.
VTB, Sberbank and Alfa-Bank withstood the attack, but their Internet provider Orange Business Services experienced significant difficulties.
"Everything that went through Internet providers, including land points that are connected by wires, ATMs, POS terminals, did not work for some time," said a bank representative.
"The IT services of our partners and their communication providers faced a DDoS attack, which affected the payment of customers in remote service channels," VTB reported.
Sberbank reported that on September 2, a failure was recorded on the side of an external service provider, which could lead to short delays in the operation of individual services.
"Some reports recorded by the Downdetector resource could be related to problems with one of the local Internet providers," Alfa-Bank reported.
Olga Baranova, Operational Director of Orange Business Services in Russia and the CIS, said that since August 9, the company's cyber threat monitoring center has been recording attacks on financial clients around the clock, including volumetric attacks such as amplification, as well as attacks using encrypted protocols (HTTPS).
"These attacks continue even now. The most powerful one was about 100 Gbps. Moreover, in terms of the number of attacks we detected, this August is comparable to the entire last year," she added.
As explained by the founder and CEO of Qrator Labs, Alexander Lyamin, amplification attacks are aimed at communication channels, while HTTPS or application-layer attacks are aimed directly at applications. "DDoS attacks of this type are the most dangerous: they are difficult to detect and neutralize since they can simulate legitimate traffic," he noted.