Mobile applications are seeing more use in distributed denial of service (DDoS) attacks against enterprise users.
“The prevalence of mobile devices and the widespread availability of downloadable apps that can be used for DDoS is a game changer,” said Stuart Scholly, president of Prolexic Technologies, which conducted its Q4 2013 Global DDoS Attack Report. “Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use. Because it is so easy for mobile device users to opt-in to DDoS attack campaigns, we expect to see a considerable increase in the use of these attack tools in 2014.”
Data gathered in Q4 from attacks against Prolexic’s global client base shows mobile devices participated in a DDoS attack campaign against a global financial services firm. Digital forensics and attack signature analysis conducted by the Prolexic Security Engineering and Response Team (PLXsert) detected the use of AnDOSid, an Android operating system tool that performed an HTTP POST flood attack.
“Mobile devices add another layer of complexity,” Scholly said. “Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time.”
Prolexic believes developers of applications commonly used in DDoS attacks like Low Orbit Ion Canon (LOIC) will increasingly port them to mobile platforms in 2014. “Traditionally, some type of infection or malware was required,” said Scholly. “With mobile apps, malicious actors can choose to proactively participate in orchestrated DDoS attack campaigns. When you consider how many mobiles device users there are in the world, this presents a significant DDoS threat.”
Prolexic’s latest DDoS attack report shows the total number of attacks against its clients in Q4 2013 once again set a new record for one quarter, illustrating the heightened level of DDoS activity throughout 2013. Compared to the same quarter one year ago, total attack volume increased 26 percent. A week-by-week comparison to Q4 2012 shows increases in attack volume across eight of the 12 weeks of the quarter.
The largest DDoS attack Prolexic mitigated in Q4 peaked at 179 Gbps, which is the largest DDoS attack the company has faced to date. Attack sizes continue to grow and this quarter, Prolexic mitigated several attacks over 100 Gbps.
Click here to view the complete report.