An increasing number of Distributed Denial of Service (DDoS) attacks against businesses are coming from mobile devices, according to Prolexic Technologies.
The American-based DDoS protection firm released data from its fourth quarter 2013 report that suggests mobile applications have and will continue to play a more expansive role in such attacks.
The report gathered data from attacks against Prolexic’s clients and showed that one international financial services firm fell victim to such an attack. Subsequent digital forensics and attack signature analysis by the company detected the use of AnDOSid, an Android app that can mount an HTTP POST flood attack. The company has described the increase in such attacks as a game changer and accredits the increase to the availability of downloadable apps and the ease which users can join DDoS campaigns. The company also said it expected to see an increasing number of such attacks in the coming year.
Prolexic president Stuart Scholly said he believes that applications commonly used in DDoS attacks like Low Orbit Ion Canon (LOIC) will increasingly become ported to mobile platforms in 2014.
”With mobile apps, malicious actors can choose to proactively participate in orchestrated DDoS attack campaigns. When you consider how many mobiles device users there are in the world, this presents a significant DDoS threat,” he said.
Scholly also said mobile devices added another level of complexity to the problems faced when combating such attacks. Due to the use of super proxies by mobile networks and the difficulties in blocking source IP addresses without impeding legitimate traffic.
The report stated that there was a 26 percent increase in total DDoS attacks against Prolexic clients in Q4 2013 from the same time in 2012. The largest of these attacks that the company was able to mitigate peaked at 179 Gbps. The main target for such attacks is still infrastructure which accounted for over 76 percent of total attacks recorded in the quarter.
This story, "Mobile devices become launchpads for DDoS attacks" was originally published by ARNnet.