|Image Credits: Cloudflare.com|
Unlike PCs and Large networks, mobile phones lack adequate security generally. This may lead to mobile devices being compromised by malware easily which makes them a major source of targeted DDoS attacks against sensitive resources. Earlier last year a report from the firm Prolexic suggests that they may also be taking part in massive denial of service (DoS) attacks against enterprise networks.
Yes, Now It Happens In Reality!
Recently researchers at CloudFlare spotted a distributed denial-of-service (DDoS) attack that used mobile browsers to cripple sites with 4.5 billion requests. As per CloudFare the attack was recorded in late August and targeted one of their customer based in China. The browser-based Layer 7 flood peaked at 275,000 HTTP request per second and was issued by 650,000 unique IPs.
Popular Browsers Leveraged
Almost all traffic had its origin in china and 80 percent came from mobile devices. Mobile versions of the Xiaomi's MIUI browser, Safari, Chrome, and Tencent's QQBrowser were used in the attack.
"Strings like 'iThunder' might indicate the request came from a mobile app. Others like 'MetaSr', 'F1Browser', 'QQBrowser', '2345Explorer', and 'UCBrowser' point towards browsers or browser apps popular in China," reads the blog.
According to CloudFlare, the attack involved the following steps.
- A user was casually browsing the Internet or opened an app on the smartphone.
- The user was served an iframe with an advertisement.
- The advertisement content was requested from an ad network.
- The ad network forwarded the request to the third-party that won the ad auction.
- Either the third-party website was the "attack page", or it forwarded the user to an "attack page".
Attacks like this form a new trend. They present a great danger on the internet defending against this type of flood is not easy for small website operators. CloudFlare expressed confidence that they can handle such attacks easily without affecting its customers.
Image : cloudflare