Mobile-App Botnets and DDOS - Our new reality unless you harden your mobile-apps

I've been attempting to work with a client who specifically requested my help at the end of July to armor his company's mobile apps, but he has been impossible to reach the past several weeks. Now I know why: it turns out that for nearly the past month, Content Delivery Network companies have been fighting DDOS attacks from an enormous mobile-phone botnet of Android phones infected with malicious apps from the Google Play Store.

Many of the 300 identified applications fell into the categories of media/video players, ringtones, or tools such as storage managers and app stores, with additional hidden features that were not readily apparent to the end users whose phones were infected. The WireX Botnet apps do their dirty work within these modest apps, with end users completely unaware of the activity.

The interesting development is that the August 17th attack featured IP addresses from 100 participating countries, something unheard of in DDOS attacks.

Additionally, no single victimized company, DDOS vendor, or intelligence company put all of the puzzle pieces together on its own. This was only achieved once the parties came together in an information-sharing group to compare intel and began to collaborate on the problem. In the wake of Mirai, WannaCry, Petya, and other global attacks, it appears such groups are now the new model for rapid response to increasingly complex security threats. The silver bullet for IT security is collaboration, not hiding and fighting alone.

Attacks began appearing August 2 and more broadly August 15th.

Analysis of historic log files and IP addresses indicates that this application-level botnet malware operates above the operating system of the Android phones. It is also able to use the Android service architecture to run as a service in the background when the infected app isn't running.

Here is a link to a blog post overview of the Android mobile app WireX botnet: https://blog.cloudflare.com/the-wirex-botnet/
