Mobile Ad Network Used in DDoS Attack on CloudFlare CDN Service

Posted: September 28, 2015

DDoS (Distributed Denial of Service) attacks are becoming a serious annoyance for webmasters and companies around the world that have some sort of presence on the Internet. In most DDoS attacks, hackers use several compromised systems to flood a site or server with so much traffic that the server cannot handle it and eventually crashes. The latest DDoS attack comes on the heels of a mobile ad network that utilized CloudFlare's platform to infest an ad network to display malicious advertisements, a rather clever technique that is not as common as the traditional approach of flooding a site with traffic.

CloudFlare is among a handful of large CDNs (Content Delivery Networks) that assist websites with the distribution of their web traffic. Such services act as a backbone to deliver and perpetuate site data and traffic throughout the world, lessening the load on servers, which results in better web page performance and shorter load times. Such services also provide an additional layer of web security.

In an unfortunate series of events, it turns out that CloudFlare's infrastructure suffered a DDoS attack that involved an advertising network that distributed ads on mobile platforms. The attack lasted for a few hours but managed to reach a peak volume of 275,000 HTTP requests per second.

With such a large number of requests in such a short period of time, the damages have yet to be seen. Additionally, real web traffic and computer users at the other end of the attack were served potentially malicious advertisements during the attack, which may later result in JavaScript code being launched to attack the victimized computer users.

Researchers are steadily looking into the depth of this recent DDoS attack and so far have uncovered the fact that the attack originated from China. From CloudFlare's analysis of the situation, it was found that 99.8% of the traffic during the attack came from Chinese IP addresses. Moreover, the attackers responsible for the bout left Chinese comments in the malicious JavaScript code.

The attack is suspected to have been very creative and didn't involve the common TCP packet injection that services like CloudFlare automatically look for to stop such attacks.

CloudFlare is a huge entity among those that serve web traffic around the world. Essentially, CloudFlare is not a rookie when it comes to DDoS attacks. However, the recent DDoS attack via a mobile ad network is an unusual occurrence that may have been conducted by rather clever hackers that may be located in China.

Verifying that the ad network succumbing to the attack was one delivering mobile ads was easy. CloudFlare simply examined the percentage of each type of ad served, and about 72% of the users were using a mobile device. Also pointing to mobile ads being the attacking agent was the finding that several user agent strings contained data from mobile apps.
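The kind of log triage described above, as an added example (not CloudFlare's tooling and not code from the original article): it computes peak HTTP requests per second and the share of mobile and in-app user agents from access-log lines. The combined log format, the sample lines, and the user-agent heuristics are assumptions made for illustration.

```python
import re
from collections import Counter

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
MOBILE_RE = re.compile(r"Android|iPhone|iPad|Mobile", re.I)

def is_in_app(ua):
    # Heuristic (assumption): Android WebView UAs carry "; wv)"; iOS in-app
    # web views send "Mobile/" with no "Safari/" token.
    if "; wv)" in ua:
        return True
    return bool(re.search(r"iPhone|iPad", ua)) and "Mobile/" in ua and "Safari/" not in ua

def summarize(lines):
    """Peak requests per second plus mobile and in-app shares of parsed requests."""
    per_second, total, mobile, in_app, skipped = Counter(), 0, 0, 0, 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:                      # malformed lines are counted, not fatal
            skipped += 1
            continue
        _ip, ts, ua = m.groups()
        total += 1
        per_second[ts] += 1            # log timestamps have 1-second resolution
        mobile += bool(MOBILE_RE.search(ua))
        in_app += is_in_app(ua)
    peak_ts, peak = per_second.most_common(1)[0] if per_second else (None, 0)
    return {"total": total, "skipped": skipped, "peak_rps": peak, "peak_second": peak_ts,
            "mobile_share": mobile / total if total else 0.0,
            "in_app_share": in_app / total if total else 0.0}

# Constructed sample data (not from the incident): UA strings and log lines.
IOS_APP = "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143"
IOS_SAFARI = IOS_APP.replace("Mobile/12H143", "Version/8.0 Mobile/12H143 Safari/600.1.4")
ANDROID_WV = ("Mozilla/5.0 (Linux; Android 5.1; Nexus 5 Build/LMY47I; wv) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Version/4.0 Chrome/43.0.2357.65 Mobile Safari/537.36")
DESKTOP = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36"

def sample_log():
    rows = [("01", IOS_APP), ("01", ANDROID_WV), ("01", IOS_SAFARI), ("02", DESKTOP), ("02", ANDROID_WV)]
    lines = ['203.0.113.%d - - [01/Jan/2015:10:00:%s +0000] "GET / HTTP/1.1" 200 512 "-" "%s"'
             % (i + 1, sec, ua) for i, (sec, ua) in enumerate(rows)]
    return lines + ["truncated line with no quoted fields"]

if __name__ == "__main__":
    print(summarize(sample_log()))
```

User-agent strings are client-supplied and can be forged, so shares like these indicate where the traffic appears to come from rather than proving it.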

Even though the DDoS lasted only a few hours, it is a lesson for CloudFlare to learn from and to take the necessary precautions so that it can catch such attacks and stop them sooner in the future. For end-users, it is best that we keep all software updated and avoid the download and installation of questionable third-party apps on mobile devices.