CloudFlare noticed a large number of HTTP requests overwhelming one of its clients. The requests came from over 650,000 unique IP addresses traced to China and formed a distributed denial-of-service (DDoS) attack.
Chinese smartphones launch a massive DDoS web attack:
More than 650,000 Chinese smartphones have been unwillingly used in a massive attack that launched over 4.5 billion separate data requests in a single day using a browser-based HTTP flood. A mobile ad network appears to have been used to initiate the attack. Adverts seeded with malicious code, appearing in popular apps in China, were leveraged to mount such a massive attack against a target website.
Majkowski has also shared the steps by which a user could have been tricked into taking part in this DDoS attack:
- A user was casually browsing the Internet or opened an app on the smartphone.
- The user was served an iframe with an advertisement.
- The advertisement content was requested from an ad network.
- The ad network forwarded the request to the third party that won the ad auction.
- Either the third-party website was the "attack page", or it forwarded the user to an "attack page".
He further speculates that the creators of this attack might have joined the networks that pipe adverts to people. As these ad networks run live auctions, cyber criminals could, by bidding the highest, have their malicious ads placed in front of many people.
This is one of the first examples of a mobile DDoS attack, as criminals have typically used web browsers to launch these attacks. Because mobile users often rely on apps rather than browsers to connect to different services, mobile hasn't been a favorite for these malvertising campaigns. However, that is definitely changing now, as Majkowski says, "Attacks like this form a new trend. They present a great danger in the internet — defending against this type of flood is not easy for small website operators."