Mobile-based DDoS Attacks Create Mitigation Challenges: Report

According to a new report from Prolexic Technologies, a provider of Distributed Denial of Service (DDoS) protection services that was recently acquired by Akamai Technologies, mobile applications are being increasingly used in DDoS attacks and are creating mitigation challenges.

Prolexic said that data gathered from attacks against its customers during Q4 shows that mobile devices participated in a DDoS attack campaign against a global financial services firm.

This should not be surprising, and mobile devices are not an entirely new DDoS attack vector. However, mobile-based DDoS attacks are important to pay attention to based on some of the mitigation challenges they create.

Based on analysis of recent attacks by Prolexic’s team, an Android-based tool called AnDOSid was used, which performs an HTTP POST flood attack.

This is not the first time mobile devices have been used as a platform to launch DDoS attacks.

DDoS attacks have become a favorite weapon of hacktivists over the past few years, and while most attacks are launched from an army of PCs, some tools have worked their way over to mobile devices. In February 2012, researchers at McAfee found an Android version of the infamous Low Orbit Ion Cannon (LOIC).

LOIC was originally developed by “good guys” to stress test websites, but has been a favorite tool of Anonymous and other hacktivists to take targets offline by sending a flood of TCP/UDP packets in an attempt to overwhelm a system.

Prolexic believes that developers of applications commonly used in DDoS attacks like LOIC will increasingly port them to mobile platforms in 2014.

“The prevalence of mobile devices and the widespread availability of downloadable apps that can be used for DDoS is a game changer,” said Stuart Scholly, president of Prolexic. “Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use. Because it is so easy for mobile device users to opt-in to DDoS attack campaigns, we expect to see a considerable increase in the use of these attack tools in 2014.”

“Traditionally, some type of infection or malware was required,” Scholly continued. “With mobile apps, malicious actors can choose to proactively participate in orchestrated DDoS attack campaigns. When you consider how many mobile device users there are in the world, this presents a significant DDoS threat.”

DDoS attacks stemming from mobile devices create certain challenges when it comes to detecting and mitigating the attacks, and add another layer of complexity to the problem.

“Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic,” Scholly said. “Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time.”
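The trade-off described above, as an added example that is not from Prolexic or the original article: it scores a source-IP block against a request-fingerprint block over a constructed request log in which flood and legitimate traffic leave through the same carrier proxy. The addresses, user-agent strings, paths and the 50 percent threshold are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: (source_ip, method, path, user_agent, body_len, is_attack).
# 203.0.113.10 stands in for a mobile carrier proxy shared by many subscribers;
# is_attack is ground truth used only to score the two blocking rules.
PROXY = "203.0.113.10"
LEGIT_UA = "Mozilla/5.0 (Linux; Android 4.4) ExampleBrowser/1.0"
FLOOD_UA = "ExampleFloodTool/0.0"  # hypothetical, not a real tool's header

def build_sample():
    reqs = []
    for i in range(40):   # legitimate subscribers behind the proxy
        method = "POST" if i % 8 == 0 else "GET"
        path = "/login" if method == "POST" else "/accounts"
        reqs.append((PROXY, method, path, LEGIT_UA, 64 if method == "POST" else 0, False))
    for _ in range(200):  # flood traffic leaving through the same proxy
        reqs.append((PROXY, "POST", "/login", FLOOD_UA, 1024, True))
    for i in range(10):   # legitimate fixed-line clients
        reqs.append((f"198.51.100.{i + 1}", "GET", "/accounts", LEGIT_UA, 0, False))
    return reqs

def fingerprint(req):
    """Request attributes that survive proxying: everything except source IP."""
    _ip, method, path, ua, body_len, _truth = req
    return (method, path, ua, body_len)

def derive_signature(reqs, min_share=0.5):
    """Return the fingerprint that dominates POST traffic, or None."""
    posts = Counter(fingerprint(r) for r in reqs if r[1] == "POST")
    if not posts:
        return None
    fp, count = posts.most_common(1)[0]
    return fp if count / sum(posts.values()) >= min_share else None

def score(reqs, rule):
    """Count (attack requests blocked, legitimate requests blocked) for a rule."""
    blocked = [r for r in reqs if rule(r)]
    return (sum(r[5] for r in blocked), sum(not r[5] for r in blocked))

def compare(reqs):
    top_ip = Counter(r[0] for r in reqs).most_common(1)[0][0]
    sig = derive_signature(reqs)
    return {
        "ip_block": score(reqs, lambda r: r[0] == top_ip),
        "signature_block": score(reqs, lambda r: fingerprint(r) == sig),
    }

if __name__ == "__main__":
    print(compare(build_sample()))
```

On this sample both rules stop the flood, but the IP rule also drops every legitimate subscriber behind the proxy, while the fingerprint rule drops none.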

Compared to Q4 2012, statistics from Prolexic’s Q4 DDoS Attack report show the following:

• 26.09 percent increase in total DDoS attacks

• 17.42 percent increase in application layer (Layer 7) attacks

• 28.97 percent increase in infrastructure layer (Layer 3 & 4) attacks

• 28.95 percent decrease in average attack duration: 22.88 vs. 32.21 hours

Compared to Q3 2013, the company saw a 48.04 percent increase in average peak attack bandwidth to 4.53 Gbps, and a 151.21 percent increase in peak packets-per-second rate to 10.60 Mpps.

“Looking back over 2013, a number of significant DDoS trends were observed,” said Scholly. “These include the emergence of Layer 7 toolkits, the rise in DDoS-for-hire services, the resurrection of amplified Distributed Reflection Denial of Service (DrDoS) attacks as a common and powerful attack vector, as well as the steady rise in the number of DDoS attacks originating from Asian countries.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
