IoT, Android Botnets Emerge as Powerful DDoS Tools: Akamai

Distributed denial of service (DDoS) attacks observed during the third quarter employed familiar vectors, but a newcomer that made headlines for abusing Android devices is expected to evolve, a new Akamai report suggests.

This new threat is the Android-based WireX botnet, which managed to infect 150,000 devices within a matter of weeks, the company’s Third Quarter, 2017 State of the Internet / Security Report (PDF) points out. Distributed through legitimate-looking infected apps in Google Play, the botnet spread fast and might have grown even bigger had it not been for the joint effort of several tech companies.

Akamai, which was involved in the botnet’s takedown, expects WireX to persist, evolve, and flourish, just as the infamous Mirai Internet of Things (IoT) botnet did. Highly active last year, Mirai had a much lower presence on the threat landscape during Q3, with the largest attack powered by it peaking at only 109 Gbps (gigabits per second).

Regardless, Akamai believes that organizations should be prepared for the possibility of much larger DDoS attacks coming from these threats. The holiday season is expected to bring along incidents in which new attack techniques are abused.

“The lure of easy access to poorly-secured end nodes and easily-available source code make it likely that Mirai-based attacks won’t be fading in the near future,” said Martin McKeay, senior security advocate and senior editor, State of the Internet / Security Report. “Our experience suggests that an army of new potential attackers comes online every day. Couple with that, the ubiquity of Android software and the growth in the Internet of Things are amplifying the risk/reward challenges that enterprises face to tremendous levels.”

According to Akamai’s report, the overall number of DDoS attacks observed during the third quarter of the year grew only 8% from Q2, as did infrastructure layer (layers 3 & 4) attacks. Web application assaults, on the other hand, continued to rise significantly, up 30% quarter-on-quarter and a massive 69% compared to the same quarter last year, the report shows.

Attackers made heavy use of SQL injection (SQLi) during the third quarter, with the attack vector registering a 62% increase compared to the previous year and a 19% increase quarter-on-quarter. This, however, isn’t surprising, considering that the latest version of the OWASP Top 10 (2017) ranks “injection” (inclusive of SQLi) as the top vulnerability category.

Reflection-based attacks registered a very small increase (4%), while the average number of attacks per target reached 36, up 13% compared to the second quarter of the year. The target hit the most was a gaming customer which Akamai says endured 612 DDoS attacks during the time frame, or 7 attacks per day, on average.


Akamai’s report also reveals a large increase (217% year-on-year) in attacks sourced from the United States, the top source country for web application incidents. The country was also the target of the bulk of the web application attack traffic seen by Akamai during the third quarter, at 300 million attacks (5 times the number seen in the next-highest country, Russia).

The continuous increase in DDoS attacks shows that defenders need to set up protections against this type of assault too, in addition to keeping software and firmware updated at all times. Massive attacks such as NotPetya are proof of that, while massive cyber incidents such as Yahoo admitting that all of its 3 billion accounts had been compromised and the Equifax breach show that no one is safe.

“The third quarter’s headlines have illustrated the severe financial and business toll that cyber-attacks have had on businesses across many industries. With data showing that attacks are on the upswing as we head into the critical end-of-year and holiday season, the implication is clear: cyber security can only be ignored at great peril,” Akamai notes.

Related: Variant of Android WireX Bot Delivers Powerful UDP Flood Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
