Security researchers have unearthed a distributed denial-of-service (DDoS) attack that used advertising traffic from hundreds of thousands of Chinese smartphones to help knock a website offline.
In the incident, traffic derived from smartphones, as well as a smaller proportion of desktops and tablets, was used to hit a website with about 4.5 billion requests from a total of about 650,000 unique IP addresses during the course of a single day, according to CloudFlare, which said one of its customers had been targeted.
China has become a major market for smartphones, recently surpassing the US to become Apple’s top iPhone market.
CloudFlare said it wasn’t possible to determine why so many smartphones were involved – 80 percent of the requests originated from mobile devices, including 72 percent smartphones and 5 percent tablets, compared to 23 percent desktops – but said the malicious ads are likely to have been displayed on sites frequented by mobile users. All but 0.2 percent of the requests originated from China, the company said.
“The most plausible distribution vector seems to be an ad network,” CloudFlare said in an advisory. “It seems probable that users were served advertisements containing the malicious JavaScript. This ads were likely showed in iframes in mobile apps, or mobile browsers to people casually browsing the internet.”
The attack made use of innocuous-seeming ads to redirect users to an attack page, which in turn used JavaScript code to direct requests against the target page, CloudFlare said. More conventional DDoS attacks, by contrast, make use of malicious software implanted on user systems to direct traffic against targets.
Overall, the frequency of DDoS attacks continued to rise during the second quarter of 2015, doubling year-on-year for the third quarter in succession as instances of “mega attacks” also became more common, Akamai said last month.
The incident represents a new form of abuse for online advertising networks, CloudFlare said. Such networks give advertisers access to large numbers of web users, and have been made use of to implant malicious code on users’ systems in a number of recent high-profile incidents.
“Attacks like this form a new trend,” CloudFlare stated. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…