Ad Networks Possibly Used to Launch Massive DDoS Attacks
CloudFlare recently revealed that they were hit by a massive DDoS attack. A large number of HTTP requests originated from one of their customers. The volume of requests received indicates that mobile ad networks may have been used for this nefarious purpose, CloudFlare reports.
In a case study based on the attack they faced, CloudFlare suggests that a new trend in DDoS could be afoot: the use of mobile ad networks to cause massive DDoS attacks.
On analysing the requests and the attack package, they concluded that the requests contained legitimate headers and were made by a real browser. The Origin header was issued by an Ajax (XHR) cross-origin call, and the Referer URL was correct.
It was found that around 80% of the requests originated from mobile devices, with almost all of the requests originating from China. The widespread use of mobile phones in this attack led to the conclusion that mobile ad networks had perhaps been used as the distribution vector for this DDoS.
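Since the requests carry legitimate browser headers, what a defender can measure is how concentrated the traffic is. The following is an added example, not code from CloudFlare or the original article: it summarizes request records by cross-origin Origin host and by mobile share. The log layout, hostnames, User-Agent markers and thresholds are all assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample records: target host, Origin, Referer, User-Agent (tab-separated).
# Hostnames and the log layout are placeholders, not taken from CloudFlare's case study.
MOBILE_UA = "Mozilla/5.0 (Linux; Android 4.4.2) AppleWebKit/537.36 Mobile Safari/537.36"
DESKTOP_UA = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Safari/537.36"
FLOOD = "victim.example\thttp://ad-landing.example\thttp://ad-landing.example/p.html\t"
SAMPLE_LOG = "\n".join(
    [FLOOD + MOBILE_UA] * 7
    + [FLOOD + DESKTOP_UA,
       "victim.example\thttp://victim.example\thttp://victim.example/\t" + DESKTOP_UA,
       "victim.example\t-\t-\t" + MOBILE_UA]
)
MOBILE_MARKERS = ("Android", "iPhone", "iPad", "Mobile")  # simple heuristic, an assumption


def parse(log):
    """Turn tab-separated log text into a list of request dicts."""
    fields = ("host", "origin", "referer", "ua")
    return [dict(zip(fields, line.split("\t"))) for line in log.splitlines() if line.strip()]


def summarize(records):
    """Measure how concentrated the cross-origin traffic is and how mobile it is."""
    total = len(records)
    if total == 0:
        return {"total": 0, "top_origin": None, "top_origin_share": 0.0, "mobile_share": 0.0}
    foreign = Counter()
    for r in records:
        origin_host = urlsplit(r["origin"]).hostname  # None when no Origin was sent
        if origin_host and origin_host != r["host"]:
            foreign[origin_host] += 1
    top_origin, top_count = foreign.most_common(1)[0] if foreign else (None, 0)
    mobile = sum(any(m in r["ua"] for m in MOBILE_MARKERS) for r in records)
    return {"total": total, "top_origin": top_origin,
            "top_origin_share": top_count / total, "mobile_share": mobile / total}


def looks_like_browser_flood(summary, min_requests=10, min_share=0.5):
    """Flag traffic dominated by one foreign Origin and by mobile browsers.
    The thresholds are illustrative assumptions, not values from the case study."""
    return (summary["total"] >= min_requests
            and summary["top_origin_share"] >= min_share
            and summary["mobile_share"] >= min_share)


if __name__ == "__main__":
    report = summarize(parse(SAMPLE_LOG))
    print(report, looks_like_browser_flood(report))
```

On real traffic the thresholds would need tuning against a baseline, since a legitimate embedding partner can also account for a large share of cross-origin requests.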
The case study by CloudFlare lays out a possible sequence for how the attack was carried out:
- A casual mobile user was using an app or browsing the internet.
- An advertisement iframe was served to the user.
- The content of the advertisement was requested from an ad network.
- The request was forwarded by the ad network to the third party that won the ad auction.
- The third party was either the attack page itself or was used to direct the user to the attack page.
Since ad networks piping adverts to people run live auctions, it is quite possible that cyber criminals enter such auctions, bid the highest, and then distribute their malicious code to a huge number of users. This shows a new trend that could be emerging in the field of DDoS.
The attack, as witnessed by CloudFlare, can be quite massive, and could be disastrous for a relatively small website that does not have the resources to counter it.