For carrying out an unusual DDoS-attack mobile advertising is used.
The Cloudfare team recently discovered an unusual DDoS attack . To carry out this attack, the attackers used mobile advertising, thanks to which they were able to generate DDoS with a capacity of up to 275,000 HTTP requests per second. The attack was discovered fairly quickly due to the fact that the attackers used a client’s service site to carry it out.
This type of flooding was already known as Layer 7 HTTP flood, while experts believed that it was very difficult to organize such an attack. However, unknown (so far) attackers succeeded due to the implementation of the corresponding JavaScript in advertising. So we managed to get a constant and very strong traffic flow that was directed to the target site. In total, more than 4.5 billion requests were recorded per day.
The number of IP addresses involved in the attack reached 650,000. Chinese traffic was used mainly, approximately 98% of the attacking IPs belonged to this region. The maximum number of requests came from smartphones - about 72%. Then 23% of requests came from desktop PCs, and 5% from tablets. Safari, Chrome, Xiaomi's MIUI and Tencent QQBrowser were among the browsers involved in the attack.
')
According to experts, in these browsers were used iframe with advertising with embedded malware - JavaScript. In CloudFlare believe that attacks of this type must be carefully studied, since there is a high probability of the repetition of this type of attack in the near future. And to protect against them is very difficult.
This type of flooding was already known as Layer 7 HTTP flood, while experts believed that it was very difficult to organize such an attack. However, unknown (so far) attackers succeeded due to the implementation of the corresponding JavaScript in advertising. So we managed to get a constant and very strong traffic flow that was directed to the target site. In total, more than 4.5 billion requests were recorded per day.
The number of IP addresses involved in the attack reached 650,000. Chinese traffic was used mainly, approximately 98% of the attacking IPs belonged to this region. The maximum number of requests came from smartphones - about 72%. Then 23% of requests came from desktop PCs, and 5% from tablets. Safari, Chrome, Xiaomi's MIUI and Tencent QQBrowser were among the browsers involved in the attack.
')
According to experts, in these browsers were used iframe with advertising with embedded malware - JavaScript. In CloudFlare believe that attacks of this type must be carefully studied, since there is a high probability of the repetition of this type of attack in the near future. And to protect against them is very difficult.
Source: https://habr.com/ru/post/368555/
All Articles