RESEARCHERS AT CLOUDFLARE have found another internet risk to keep you awake at night, and this one relates to mobile phone browsers.
That is as close to our pockets as we want to take a distributed denial-of-service (DDoS) threat, and it is plenty far enough. CloudFlare alerts us to the risk through a blog post revealing how the security firm has seen such a thing in the wild, and what a bad egg it is.
Of course, there is malware involved and CloudFlare said that it is spiked adverts and iframes that have caught users out and helped hook up a takedown system with the beans to send out 4.5 billion page requests on victim firms.
Such attacks are not new to CloudFlare, but this one was unusually large. "CloudFlare servers are constantly being targeted by DDoS attacks. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets," the company said.
"Recently an unusual flood caught our attention. A site reliability engineer on call noticed a large number of HTTP requests being issued against one of our customers."
The firm found evidence of a browser-based L7 flood considered theoretical until now, with significant resources and thus a significant amount of threat and swagger. CloudFlare tracked the attack, which was aimed at one company, and found that it picked up pace during its course.
"The flood ramped up over time, with the peak at about 1,400 UTC. During that day we received 4.5 billion requests against the targeted domain, issued by 650,000 unique IP addresses," CloudFlare said.
"The referrer domains were distributed fairly uniformly. Whoever attacked us had control over a large number of domains. Attacks like this form a new trend. They present a great danger in the internet. Defending against this type of flood is not easy for small website operators."
The attack is enabled when someone browses the web or opens an app. So, yeah, it's your fault. µ
Another week of Google news in brief
It was nice knowing you, sort of
Third time unlucky
Customers are unable to make payments or transfer money