Cyber attacks are an increasing and dangerous threat which is perpetrated by groups and countries alike, these attacks are a substantial threat to free speech, livelihoods of website operators and also the whole infrastructure of the Internet. It’s no surprise to learn that a huge DDoS attack against a target website resulted in 650,000 devices being unwittingly enrolled into a giant cyber attack which overwhelmed its target.
And where did this attack originate from? That’s right, our friends over at the democracy-suppressing Truman Show style country that is China. The attack transmitted a staggering 4.5 billion separate requests for data in one day to the target destination. Below is an image which analyses the log timeframe of HTTP requests per hour, as you can see, requests for data ramped up dramatically within only a relatively small period of time before dissipating.
Since the attack had been levelled at a client of US Company CloudFlare, they were able to “write a dedicated script and were able to further analyze 17M log lines, about 0.4% of the total requests” They found that 99.8% of the flood was originating from China while 0.2% was labelled as “Other” They were also able to determine that 80% of the requests came from mobile devices .
So, how is it possible to booby trap an amazingly high number of devices? CloudFlare security analyst Marek Majkowski speculated that an ad network might have been the root cause which was compromised and used as a distribution vector for the attack. “It seems probable that users were served advertisements containing malicious JavaScript. These ads were likely shown in iframes within mobile apps, or mobile browsers to people while they were casually browsing the internet”
Think of this speculated but plausible scenario like this, while a user was browsing the Internet or through an app, he or she was served an iframe which contained an advertisement. This ad had been requested from an ad network who then forwarded the request to a third-party that won the ad auction. This meant that either the third-party was the “attack page” or it forwarded the user to an attack page, by doing this the user was served a page containing malicious Java Script which then launched a flood of XHR requests against CloudFlare servers.
CloudFlare have declined to name the company which had their server attacked but are warning against future cyber attacks with the same level of intensity. It’s a worrying trend which has many outlets including the Darth Vader weapon of choice “The Great Cannon.” This is also not serving the long-established technique of serving ads to consumers via the Internet, if advertisements are increasingly being injected with malicious code, consumers are going to use extensions to block them.
The Internet connects the world and is seen as a necessity and therefore a human right by powerful individuals, what countries want you to see on the net, well, that’s a whole different ball game.
Thank you blog.cloudflare for providing us with this information.
Image courtesy of cloudpro
According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…