Source: Kai Oberhäuser on Pexels.
DDoS, or Distributed Denial of Service, attacks are the great bogeyman of the internet - vague and mysterious to many, and all the more threatening for it - but the idea is straightforward compared with lesser-known concerns like cross-site scripting: a DDoS attack floods a web service or server with traffic from many machines at once until it can no longer answer legitimate requests.
As far as the tools of cybercrime go, DDoS attacks have been around for a long time, but it's debatable when they first became part of the public consciousness. Last year, a DDoS attack by the Mirai "botnet" -- a horde of compromised devices doing the bidding of a criminal -- made many of the world's busiest websites unreachable for hours by overwhelming Dyn, the company that resolved their domain names into IP addresses. Early attacks go back to 1995, though, when an Italian activist group used the technique against French government websites to protest France's nuclear testing.
So, with online criminals recruiting everything they can get their virtual paws on into botnets, including "smart" security cameras and baby monitors, why isn't the world living in terror of an Android- or iOS-based DDoS attack? With around 2.32 billion devices in use, the attack "surface" (the set of points an attacker can try to exploit) presented by smartphones is enormous, but the only major example of something resembling a DDoS attack on mobile networks was, ironically, caused by users themselves, way back in 2004.
Happy New Year
According to UK website The Register, a glut of "Happy New Year" texts and phone calls sent on the last day of 2004 put significant pressure on mobile phone networks throughout the country, slowing delivery to a crawl. It has to be the most mundane, accidental denial of service in history, but it's nevertheless indicative of the kind of scenario people feared just after the turn of the millennium. Researchers at Pennsylvania State University suggested that a deliberate "SMS overload" could knock out voice service even in a city the size of Washington, D.C.
Security is a major concern for any business with an online presence, and many deploy web application security products and DDoS mitigation services to reduce the risk. Web application firewalls - filtering proxies, often cloud-hosted, that sit between incoming traffic and the systems behind them - block SQL injection, cross-site scripting and other application-layer attacks, while volumetric DDoS mitigation absorbs floods that would otherwise saturate the link. On the consumer side, keeping routers and webcams patched and off their factory-default passwords stops them being recruited into a botnet in the first place.
Source: JÉSHOOTS on Pexels.
Recruiting a phone into a botnet usually requires the owner to install a fake app - a trojan, malware that poses as something harmless to trick users into installing it - which gives the criminal a foothold on the device. For example, the Android DDoS trojan Android.DDoS.1.origin posed as the Google Play Store; behind the scenes it contacted its operator's server and, on command, flooded a named target host with packets or sent text-message spam.
As both Google and Apple vet apps before listing them in their respective stores, fake software, malware, ransomware and a range of other nasties usually come from unofficial third-party sources. With that in mind, malware is almost exclusively a problem for the more experimental mobile users and for people who download pirated apps. So, while almost all mobile malware targets Android, only a tiny fraction (0.1%) of it came through the Play Store; the rest is hidden out in the wilds of mobiledom.
Finally, most internet activity on mobile phones takes place in apps. Because an app typically talks only to a small set of known servers (Pokémon Go connects to Niantic, the BBC app to the BBC, for example), it can be safer than a mobile browser, simply because a browser such as Chrome or Internet Explorer meets far more potential threats from ad networks and dodgy links - though the ad and analytics SDKs bundled into many apps add connections of their own. Mobile is more of an exclusive club, or "walled garden", than desktop, presenting far fewer openings for criminals to exploit.
A few days ago, Microsoft released a patch for a critical remote code execution vulnerability, CVE-2015-1635 (MS15-034). Now researchers at the SANS Institute have spotted it being exploited in the wild.
"Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635, a vulnerability in HTTP.sys, affecting Internet Information Server (IIS)," noted Johannes Ullrich, Chief Technology Officer of the SANS Internet Storm Center. The vulnerability affects Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.
According to UK research firm Netcraft, over 70 million websites hosted on around 900,000 servers could be vulnerable. "Due to the ease with which this vulnerability can be exploited, we recommend that you expedite patching this vulnerability," Ullrich said.
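The sensible next step after reading the above is to find out which of your own IIS hosts are still unpatched. As an added example (not code from the article, SANS or Netcraft), here is a non-destructive Python check: it sends the publicly documented benign probe for this bug, a Range header whose upper bound is 2**64-1, and classifies the reply. An unpatched HTTP.sys answers 416 "Requested Range Not Satisfiable", while the patched version rejects the header with 400 "The request has an invalid header name". The target host, port and path are assumptions supplied on the command line; the crashing variant of the request (a non-zero lower bound against a kernel-cached file) is deliberately not included.

```python
"""Non-destructive check for CVE-2015-1635 (MS15-034) in HTTP.sys.

Added example, not from the original article. The Range value below is
the published fingerprint probe: it does not trigger the kernel crash.
"""
import http.client
import sys

# 0 .. 2**64-1; HTTP.sys mis-handles this upper bound before the patch.
PROBE_RANGE = "bytes=0-18446744073709551615"


def classify(status, reason, body):
    """Map an HTTP response (status, reason phrase, body bytes) to
    'vulnerable', 'patched' or 'unknown'."""
    text = (reason or "") + " " + body.decode("latin-1", "replace")
    if status == 416 or "Requested Range Not Satisfiable" in text:
        return "vulnerable"          # unpatched HTTP.sys signature
    if status == 400 and "invalid header name" in text:
        return "patched"             # post-MS15-034 rejection of the header
    return "unknown"                 # not HTTP.sys, a WAF in front, or an odd reply


def probe(host, port=80, path="/", timeout=5.0):
    """Send the benign probe to one host and return the classification.
    Host/port/path are assumptions for the example; any static URL works."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host, "Range": PROBE_RANGE})
        resp = conn.getresponse()
        body = resp.read(4096)       # the reason phrase/body carry the fingerprint
        return classify(resp.status, resp.reason, body)
    finally:
        conn.close()


if __name__ == "__main__":
    # usage: python check_ms15034.py <host> [port] [path]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    path = sys.argv[3] if len(sys.argv) > 3 else "/"
    print("%s:%d%s -> %s" % (target, port, path, probe(target, port, path)))
```

Run it only against hosts you are authorised to test, and treat "unknown" as "go and look", not as "safe": a load balancer or WAF in front of IIS will often answer for it. Hosts that come back "vulnerable" need the MS15-034 update; while that is being rolled out, the workaround Microsoft documented was to disable IIS kernel caching, which removes the crash path at a performance cost.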