The Mobile DDoS Epidemic: How Your Phone Could Help Bring Down a Website

There are certain types of people who simply see opportunity everywhere: the type of people who were long ago able to look at sour milk and see cottage cheese, or find bread fermenting in water and, against all logic, decide to drink it, discovering beer.

It turns out that opportunity is everywhere, so long as you’re looking for it. Fortunately for the world, creative geniuses and inventors often are. Unfortunately for the world, so are the people that are dedicated to wreaking havoc. When mobile phones went from a rare, luxury item to being in the hand of every person over the age of 8 in the developed world, it was only a matter of time before certain types of people found a way to use them en masse for malicious purposes.

Well, that time has most definitely arrived. The device currently in your hand, pocket or purse could be used by hackers all over the world to launch DDoS attacks. Read on for details on how it’s happening, what you need to do as a mobile device user, and what you need to do as a website owner in the midst of the mobile DDoS epidemic.

DDoS details

A DDoS attack, otherwise known as a distributed denial of service attack, is a fancy way of saying that a large number of compromised systems are used to target one system, such as a website or server, knocking it offline or otherwise denying its services to users. The compromised systems used in DDoS attacks are commonly called bots. Multiple bots form what is called a botnet. And with a botnet at his or her disposal, an attacker can flood the target with a large amount of traffic, overwhelming its resources or bandwidth.

All it takes is an Internet connection

In the past, bots have typically been thought of as compromised computers, usually infected by a Trojan or other malware without the owner even knowing it. However, because mobile devices like smartphones and tablets are connected to the Internet and have many of the same capabilities as computers, they can just as easily be infected and taken over by an attacker.

Downloading compromised software or becoming infected by malware from pop-up ads on questionable websites have long been common occurrences for Internet users. But with the advent of mobile apps and devices, attackers have found a new method of exploitation.

The rise of mobile malvertising

A DDoS protection service recently mitigated what would have been a crippling DDoS attack. It peaked at 275,000 HTTP requests per second and came from a jaw-dropping 650,000 unique IP addresses, largely from China.

DDoS attacks this massive and potentially devastating are unfortunately very common today. What was uncommon about this particular attack was where the attack traffic was coming from: instead of originating from scripts or malware, as is usually the case in HTTP-based attacks, the traffic appeared to be coming from real browsers. The DDoS protection service further found that 80% of the traffic came from smartphones and tablets.

The source of it all? Malicious ads loaded within apps and browsers on these mobile devices. Essentially, an ad network had been compromised and was tricked into distributing ads that contained malicious code. This code then loaded a script in the browsers of devices, instructing the browsers to send HTTP requests to the target. This ‘malvertising’ has been used to infect computers for years, but it’s a completely new distribution vector on mobile devices.
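
As an added example (not from the original article or from any DDoS protection service), the traffic pattern described above, with many unique IP addresses each sending only a few requests from real, mostly mobile browsers, can be surfaced from a web server access log. The combined log format, the User-Agent tokens, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
MOBILE_TOKENS = ("Android", "iPhone", "iPad", "Mobile")  # assumed UA markers

def profile_paths(lines):
    """Per-path request count, unique client IPs and share of mobile browsers."""
    stats = defaultdict(lambda: {"requests": 0, "ips": set(), "mobile": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        s = stats[m["path"]]
        s["requests"] += 1
        s["ips"].add(m["ip"])
        s["mobile"] += any(tok in m["ua"] for tok in MOBILE_TOKENS)
    return {path: {"requests": s["requests"], "unique_ips": len(s["ips"]),
                   "mobile_share": s["mobile"] / s["requests"]}
            for path, s in stats.items()}

def suspicious_paths(lines, min_ips=5, max_req_per_ip=3.0, min_mobile_share=0.8):
    """Paths hit by many IPs, few requests each, mostly from mobile browsers.

    Thresholds are illustrative; tune them against your own baseline traffic.
    """
    flagged = []
    for path, p in profile_paths(lines).items():
        per_ip = p["requests"] / p["unique_ips"]
        if (p["unique_ips"] >= min_ips and per_ip <= max_req_per_ip
                and p["mobile_share"] >= min_mobile_share):
            flagged.append(path)
    return sorted(flagged)

def constructed_sample():
    """Constructed log lines, not real traffic: a flood on /search, normal hits on /."""
    mobile = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 Chrome/45.0 Mobile Safari/537.36"
    desktop = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/45.0 Safari/537.36"
    fmt = '{ip} - - [01/Jan/2016:00:00:0{n} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
    flood = [fmt.format(ip=f"203.0.113.{n}", n=n, path="/search",
                        ua=mobile if n < 9 else desktop) for n in range(10)]
    normal = [fmt.format(ip=f"198.51.100.{n}", n=n, path="/", ua=desktop) for n in range(3)]
    return flood + normal

if __name__ == "__main__":
    print(profile_paths(constructed_sample()))
    print(suspicious_paths(constructed_sample()))
```

Because each client sends only a handful of requests, a single address repeating the same request is deliberately not flagged here; that case is what ordinary per-IP rate limiting already covers.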

Botnets on the move

With mobile devices becoming instruments of DDoS attacks, an interesting phenomenon has emerged: mobile botnets. Leading DDoS protection services often keep a handle on where bots are coming from by tracking the country of origin. The list of originating countries often contains all the usual suspects: the US, China, Turkey and India.

However, in 2014 DDoS mitigation service Incapsula found that Brazil had leapfrogged onto the list, landing in fourth place. While it’s hard to definitively say why so many bots were in Brazil in 2014, Incapsula speculates that it could have been due to the one million tourists that made their way into the country for the World Cup. That’s a lot of mobile devices right there.

Your next steps

If you’re a mobile device user – which, yes, you are – you need to be careful about what you download, which apps you use, and which websites you visit, just as you would on your computer, unless you like the idea of some faceless internet attacker taking over your mobile device for malicious purposes.

If you’re a website owner or you’re otherwise in charge of a website’s security, you need to be aware that attackers are constantly innovating. They are finding new ways to create botnets and launch crippling DDoS attacks that can take your website offline, cause a loss of user and consumer trust, cause hardware or software damage, or lead to the theft of intellectual property, financial data or consumer information.

With the proliferation of mobile devices, DDoS attack opportunities are almost everywhere. Mobile device users and website owners alike need to be proactive instead of reactive when it comes to these crippling attacks. As a website owner, you need to be the type of person who sees one step ahead of attackers. Invest in professional DDoS protection before you have to invest in DDoS attack clean-up.