WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Mobile applications increasingly being used for DDoS attacks

Prolexic Technologies has reported that mobile applications are being used in DDoS attacks against enterprise customers. This is one of many findings in the company’s Q4 2013 Global DDoS Attack Report, which was published this week and can be downloaded from www.prolexic.com/attackreports

“The prevalence of mobile devices and the widespread availability of downloadable apps that can be used for DDoS is a game changer,” said Stuart Scholly, president of Prolexic. “Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use. Because it is so easy for mobile device users to opt-in to DDoS attack campaigns, we expect to see a considerable increase in the use of these attack tools in 2014.”

Data gathered in Q4 from attacks against Prolexic’s global client base shows that mobile devices participated in a DDoS attack campaign against a global financial services firm. Digital forensics and attack signature analysis conducted by the Prolexic Security Engineering and Response Team (PLXsert) detected the use of AnDOSid, an Android operating system tool that performs an HTTP POST flood attack.

“Mobile devices add another layer of complexity,” explained Scholly. “Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time.”

Prolexic believes that developers of applications commonly used in DDoS attacks like Low Orbit Ion Canon (LOIC) will increasingly port them to mobile platforms in 2014.

“Traditionally, some type of infection or malware was required,” said Scholly. “With mobile apps, malicious actors can choose to proactively participate in orchestrated DDoS attack campaigns. When you consider how many mobiles device users there are in the world, this presents a significant DDoS threat.”

•Date: 15th January 2014 • World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here