
When Androids Attack: Protecting Against WireX Botnet DDoS Attacks

By: Mohammed Al-Moneer, Regional Director, MENA at A10 Networks

It appears Mirai may have some competition. And its name is WireX.

Google recently removed roughly 300 apps from its Play Store after researchers found that the apps in question were secretly hijacking Android devices to feed traffic to wide-scale distributed denial of service (DDoS) attacks against multiple content delivery networks (CDNs) and content providers.

The WireX botnet is to blame. Akamai researchers first discovered WireX when it was used to attack one of its clients, a multinational hospitality company, by sending traffic from hundreds of thousands of IP addresses.

The malicious applications in question included media and video players, ringtones and other tools like storage managers. According to Gizmodo, the nefarious apps contained hidden malware that could use an Android device to participate in a DDoS attack as long as the device was powered on.

It’s unclear how many devices were infected – one researcher told KrebsOnSecurity that WireX infected a minimum of 70,000 devices, but noted that estimate is conservative. It is believed that devices from more than 100 countries were used to participate in the attacks.

Protecting Mobile Networks from Weaponized Smartphones

WireX, much like its predecessor Mirai, illustrates the importance of protecting your network and applications from attacks. Large-scale attacks can come from anywhere, even a botnet comprising tens of thousands of Android devices. As these types of attacks grow in frequency, sophistication and size, organizations need solutions in place to stop them before they have the opportunity to wreak havoc.

WireX is unique in that it introduces a new threat: weaponized smartphones, which expose billions of endpoints ripe for infection that can propagate bad agents across a mobile network.

Traditionally, mobile and service provider networks are protected against attacks that come in through the Internet. However, many critical components are left unprotected based on the assumption that attacks will be stopped at the Internet edge. Attacks like WireX change this paradigm.

WireX proves that attacks can originate from inside a mobile network as well, and a few thousand infected hosts can affect the brain of a mobile network. These infected smartphones will eventually start to attack the critical components of mobile networks, and the potential fallout from that could be tremendous.

Attacks like WireX reinforce the need for service providers to protect their key assets on all fronts – not just from attacks from the outside, but from the inside as well.

WireX botnet news is yet another example of seemingly harmless apps being hijacked and used for large-scale DDoS attacks. WireX is an app store delivery problem, but as is often the case, there is probably more: careless employees, poor security hygiene, lack of multi-factor authentication, etc. How often does this happen? Do IT professionals even know when it does? A10 Networks’ recent research throws up some interesting findings:

38% of IT decision-makers say their company endpoints and infrastructure have suffered a botnet attack at least once; 12% are not sure if this has occurred.

One in four (27%) employees surveyed doesn’t know what a botnet is, and one out of three (37%) employees surveyed isn’t familiar with DDoS attacks, making it hard to protect people who don’t know what the dangers are.

Almost half (48%) of IT leaders agree or strongly agree that their employees do not care about following security practices. 

Only two of five (41%) employees claim responsibility for the security and protection of non-business apps they use. 

To combat attacks like WireX, service providers and mobile network operators need an intelligent, scalable DDoS defense solution between smartphones and the mobile network infrastructure, both internal and external. To address this sophisticated type of attack, a modern DDoS solution requires intelligence to understand the changing nature of a polymorphic attack, which can change signatures and vary headers, like those launched by WireX.
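To illustrate why varying headers defeat a fixed signature, here is an added example (not code from the article or from any A10 product) that runs a static header blocklist and a simple behavioural check over the same constructed traffic. The hostnames, addresses, header values, function names and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed traffic as (source_ip, destination_host, user_agent) tuples."""
    browsers = ["Mozilla/5.0 (Android 7.0) Chrome/60",
                "Mozilla/5.0 (iPhone) Safari/604",
                "Mozilla/5.0 (Windows NT 10.0) Firefox/55"]
    # 300 ordinary requests: 60 clients sharing three common header values.
    normal = [(f"10.0.{i % 60}.1", "www.example", browsers[i % 3]) for i in range(300)]
    # 200 bot requests: one per device, each with a different header value.
    # The multiplier is odd, so every value below is distinct.
    bots = [(f"10.9.0.{i}", "booking.example", f"{(i + 1) * 2654435761 % 2**32:08x}")
            for i in range(200)]
    return normal + bots

def static_signature_hits(records, blocked_agents):
    """Count requests whose header matches a fixed blocklist of known-bad values."""
    return sum(1 for _, _, agent in records if agent in blocked_agents)

def flag_flood_targets(records, min_sources=100, min_header_ratio=0.9):
    """Flag destinations hit by many sources where nearly every request
    carries a header value not seen on any other request to that destination."""
    stats = defaultdict(lambda: {"requests": 0, "sources": set(), "agents": set()})
    for src, dst, agent in records:
        entry = stats[dst]
        entry["requests"] += 1
        entry["sources"].add(src)
        entry["agents"].add(agent)
    flagged = {}
    for dst, entry in stats.items():
        ratio = len(entry["agents"]) / entry["requests"]
        if len(entry["sources"]) >= min_sources and ratio >= min_header_ratio:
            flagged[dst] = (len(entry["sources"]), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    learned = {sample[300][2]}  # signature learned from the first bot request
    print("signature hits:", static_signature_hits(sample, learned))
    print("flagged:", flag_flood_targets(sample))
```

A signature learned from one bot request matches only that request, while the per-destination view of source count and header diversity still singles out the flooded host.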

Placing high-performance, scalable and intelligent threat protection in the mobile network will help service providers defend against these billions of weaponized endpoints and empower them to detect online threats and multi-vector attacks, learn from them and, most importantly, stop them.
