In Q4 of 2013, the Prolexic Security Engineering and Response Team (known as “PLXsert”) discovered via digital forensics and attack signature analysis that mobile devices participated in a DDoS attack campaign against a client in the global financial services sector. Specifically, PLXsert detected the use of AnDOSid, an Android operating system tool that performs an HTTP POST flood attack.
A Perfect Recipe for Large-Scale Attacks
Prolexic president Stuart Scholly said huge number of mobile devices in existence as well as the ease of downloading malware make mobile DDoS “a game changer”.
“Mobile devices add another layer of complexity,” Scholly said in a statement. “Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time.”
Prolexic anticipates the creators of DDoS applications (like Low Orbit Ion Canon) to increasingly port them to mobile platforms in 2014.
Larger DDoS Attacks Ahead in 2014
Prolexic’s Q4 2013 Global DDoS Attack Report also illustrated the greater level of DDoS activity throughout 2013. Compared to Q4 2012, there was a 26 percent increase in DDoS attacks, a 17 percent increase in application layer (Layer 7) attacks, and a 29 percent increase in infrastructure layer (Layer 3 & 4) attacks. Infrastructure attacks accounted for 77 percent of total attacks during the quarter, and application layer attacks made up the rest.
“Looking back over 2013, a number of significant DDoS trends were observed,” Scholly stated. “These include the emergence of Layer 7 toolkits, the rise in DDoS-for-hire services, the resurrection of amplified Distributed Reflection Denial of Service (DrDoS) attacks as a common and powerful attack vector, as well as the steady rise in the number of DDoS attacks originating from Asian countries.”