Cloudflare administrators report that they have detected a DDoS attack against their infrastructure involving an ad network as well as unsuspecting users who were served malicious advertisements, making them unwitting participants in the attack.
The attack lasted only a few hours but reached a volume close to 275,000 HTTP requests per second. The company also reports that it successfully mitigated the attack without having to take its servers offline.
Cloudflare speculates that this was a new kind of DDoS attack, one that makes use of ad networks and unsuspecting users.
The attack is carried by real traffic from real people
The company's researchers suspect that users casually browsing the web from their computer or mobile phone were served an iframe that contained an advertisement.
The iframe requested the content of the ad from the ad network, which in turn requested it from the servers of the party that supplied the ad.
Unknown to the user and the advertising network, the party supplying the ad (that is, the attacker) served a malicious ad containing JavaScript code designed to send requests to the victim (which in this case was a web page hosted on Cloudflare's infrastructure).
The attack came from China
The attack was very innovative in its approach and, according to Cloudflare, did not involve a single TCP packet of the kind seen in classic DDoS attacks; instead, it looked like real everyday traffic.
After analyzing millions of log lines, Cloudflare says that 99.8% of the traffic originated from Chinese IP addresses. The attackers may come from the same country, judging mainly by the comments left in the malicious JavaScript code, which were also in Chinese.
Of the users who generated the DDoS traffic, 72% used a mobile device, 23% used a desktop browser, and 5% used tablets.
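The kind of log analysis described above can be sketched as follows. This is an added example, not Cloudflare's tooling: it summarizes access-log lines per requested path and flags traffic that is spread over many clients, each sending too few requests to trip a per-IP rate limit. The combined log format, the User-Agent heuristics, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined-log-format parser: captures client IP, request path and User-Agent.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def device_class(user_agent):
    """Coarse device class from the User-Agent (heuristic, not exhaustive)."""
    ua = user_agent.lower()
    if "ipad" in ua or "tablet" in ua or ("android" in ua and "mobile" not in ua):
        return "tablet"
    if "mobile" in ua or "iphone" in ua:
        return "mobile"
    return "desktop"

def summarize(lines):
    """Per path: request count, distinct clients, busiest client, device shares."""
    hits, clients, devices = Counter(), {}, {}
    # Lines that do not match the log format are skipped.
    for ip, path, ua in (m.groups() for m in map(LINE.match, lines) if m):
        hits[path] += 1
        clients.setdefault(path, Counter())[ip] += 1
        devices.setdefault(path, Counter())[device_class(ua)] += 1
    return {
        path: {
            "requests": n,
            "distinct_clients": len(clients[path]),
            "max_per_client": max(clients[path].values()),
            "device_share": {d: c / n for d, c in devices[path].items()},
        }
        for path, n in hits.items()
    }

def looks_distributed(stats, min_clients=5, max_per_client=3):
    """Many clients, each under a per-IP limit (both thresholds are assumptions)."""
    return stats["distinct_clients"] >= min_clients and stats["max_per_client"] <= max_per_client

# Constructed sample: 8 clients from a documentation IP range, one request each.
UAS = ["Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) Mobile/12H143"] * 6 + [
    "Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/45.0 Safari/537.36",
    "Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) Mobile/12H143",
]
SAMPLE = [
    f'203.0.113.{i} - - [01/Jan/2000:00:00:0{i} +0000] "GET /target HTTP/1.1" 200 512 "-" "{ua}"'
    for i, ua in enumerate(UAS, start=1)
]
REPORT = summarize(SAMPLE)
```

On real logs the same summary would be computed per time window, and a path that suddenly shows a high request count together with a high distinct-client count and a low per-client maximum is the signal to look at.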