The unusual incident made use of an online ad network to generate malicious traffic, according to researchers
Security researchers have unearthed a distributed denial-of-service (DDoS) attack that used advertising traffic from hundreds of thousands of Chinese smartphones to help knock a website offline.
In the incident, traffic derived from smartphones, as well as a smaller proportion of desktops and tablets, was used to hit a website with about 4.5 billion requests from a total of about 650,000 unique IP addresses during the course of a single day, according to CloudFlare, which said one of its customers had been targeted.
Attacks making use of malicious traffic drawn over legitimate advertising networks are unusual, but represent a growing threat, CloudFlare said. The incident also highlights the online world’s shift toward a predominance of mobile devices.
China has become a major market for smartphones, recently surpassing the US to become Apple’s top iPhone market.
CloudFlare said it wasn’t possible to determine why so many smartphones were involved – 80 percent of the requests originated from mobile devices, including 72 percent smartphones and 5 percent tablets, compared to 23 percent desktops – but said the malicious ads are likely to have been displayed on sites frequented by mobile users. All but 0.2 percent of the requests originated from China, the company said.
Overall, the frequency of DDoS attacks continued to rise during the second quarter of 2015, doubling year-on-year for the third quarter in succession as instances of “mega attacks” also became more common, Akamai said last month.
‘New attack trend’
The incident represents a new form of abuse for online advertising networks, CloudFlare said. Such networks give advertisers access to large numbers of web users, and have been made use of to implant malicious code on users’ systems in a number of recent high-profile incidents.
“Attacks like this form a new trend,” CloudFlare stated. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”
Are you a security pro? Try our quiz!