There may be some clarity forming around the distributed denial-of-service attacks that have hit organizations including Russia's Yandex, New Zealand's ANZ bank (which went down again yesterday, according to the New Zealand Herald), and other targets in the US and the UK. Qrator Labs today released a description of Meris, an IoT botnet with a quarter of a million devices. There have been larger botnets (Mirai, for one, had in excess of three hundred thousand), but unlike its well-known predecessors, Meris relies on transmitting a high number of requests per second. Most of the devices exploited to form the botnet were networking gear from the Latvian vendor MikroTik. The Record reports that sources tell it the target of the Yandex DDoS attack wasn't Yandex itself, but rather a bank that used Yandex's cloud services to host its e-banking portal.
German prosecutors have opened an investigation into the GhostWriter campaign Berlin has attributed to Russian intelligence services, Der Spiegel reports. Germany's Foreign Ministry has warned, an Agence France-Presse story says, that Russia will face unspecified consequences should the cyberespionage and election-related disinformation persist.
Recorded Future's Insikt Group yesterday issued a report on what it calls the "dark covenant" between Russian intelligence services and cybercriminals. The security organs aren't directing the criminals, but the gangs operate at their sufferance and shape their operations and target selection to conform to their understanding of what those services want. It's too soon to tell whether US carrots and sticks will inhibit the privateering: US cyber czar Inglis sees deterrence as complicated.