On August 17, a huge DDoS attack took place, affecting around 300 different Android apps and prompting an emergency response from Google.
The attack was orchestrated by WireX, which is basically a network of bots that aim to infiltrate devices and use them to take down websites and servers.
DDoS stands for Distributed Denial of Service, and is a particularly tricky threat to identify and defend against. Basically, it relies on a network of bots: devices infected with malware that puts them under the control of one attacker.
Once the network (or botnet) is big enough, it can be used to direct huge amounts of traffic to a target site. Basically, every infected device is ordered to visit a certain site or server, which becomes overwhelmed by the enormous amount of traffic. This can cause the site to shut down temporarily, or deny access to real users.
The whole attack takes place without the knowledge of the owners of infected devices. For example, in the WireX attack, users would unwittingly download malicious apps, after which the malware would lodge itself in their devices. Running secretly in the background, the software was able to perform its duties as long as the device was switched on, unknown to the owner.
There are numerous reasons why DDoS attacks are used: businesses may use them to eliminate competition, and activists may use them to bring down a cause they feel is unethical. Of course, as with all malware attacks, there may be no good reason at all.
WireX oversaw one of the biggest DDoS attacks ever. According to a press release, the number of affected devices was around 70,000, although this number could well be much higher. The devices spanned 100 countries.
One worrisome aspect of the WireX malware was its ability to encrypt the traffic it sent to target sites. Normally, with DDoS attacks, victims are able to recognise which traffic is made up of legitimate visitors, and which is DDoS bots. In this case, however, it was more difficult to identify the dodgy traffic, making it much tougher to defend against.
In response to the attack, DDoS security experts Akamai banded together with several other companies, including Google, to co-ordinate a defence. Now, they’re working on kicking the infected apps out of the Google Play store for good.
The future for DDoS attacks is uncertain, but large-scale attacks such as this one and the Mirai attack of last year are showing that this threat is becoming more and more prominent.
While large companies such as Google will no doubt be taking steps to avoid this kind of crisis happening again, there are also a number of steps possible DDoS targets can take to stay safe.
Generally speaking, most people aren’t really at risk from DDoS attacks. This type of attack targets relatively large-scale businesses and institutions for the most part, where something is to be gained from shutting them down.
If, however, you have a website that attracts a reasonable amount of traffic, you could still be at risk. To stay safe, keep an eye out for suspicious spikes in traffic. More visitors is almost always a cause for celebration, but try not to let your jubilation get in the way of common sense.
A huge, unprecedented spike in traffic might be more indicative of an attack than a sudden surge in popularity.
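One way to act on this advice, as an added example that is not from the original article: the Python script below counts requests per minute in a web server access log and flags any minute far busier than the recent baseline. It also reports how many distinct addresses sent the traffic, since a botnet spreads its requests over many devices and each one can look harmless on its own. The Common Log Format input, the thresholds, the function names and the sample log are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: client address, two ignored fields, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def per_minute(lines):
    """Map each minute to (request count, number of distinct client addresses)."""
    clients = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        clients[ts.replace(second=0)].append(m.group(1))
    return {k: (len(v), len(set(v))) for k, v in sorted(clients.items())}

def find_spikes(stats, window=5, factor=5.0, min_requests=50):
    """Flag minutes busier than `factor` times the median of the previous `window` minutes."""
    minutes = list(stats)  # assumption: minutes with no requests have no entry at all
    alerts = []
    for i in range(window, len(minutes)):
        baseline = median(stats[m][0] for m in minutes[i - window:i])
        requests, sources = stats[minutes[i]]
        if requests >= min_requests and requests > factor * max(baseline, 1):
            alerts.append({"minute": minutes[i], "requests": requests,
                           "sources": sources, "baseline": baseline})
    return alerts

def sample_log():
    """Constructed log: six quiet minutes, then one minute of 300 hits from 300 addresses."""
    lines = []
    for minute in range(6):
        for n in range(10):
            lines.append(f'203.0.113.{n % 5 + 1} - - [01/Jan/2024:10:{minute:02d}:{n:02d} +0000] "GET / HTTP/1.1" 200 512')
    for n in range(300):
        net = "198.51.100" if n < 150 else "192.0.2"
        lines.append(f'{net}.{n % 150 + 1} - - [01/Jan/2024:10:06:{n % 60:02d} +0000] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for a in find_spikes(per_minute(sample_log())):
        print(f'{a["minute"]:%H:%M} {a["requests"]} requests from {a["sources"]} sources (baseline {a["baseline"]})')
```

In the constructed log, every address in the busy minute sends a single request, so a per-address limit would never trigger; only the total for the minute gives the spike away.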
Your Internet Service Provider might also be able to help, by providing more bandwidth to minimise the effects of an attack. However, ISPs often aren’t fully clued up on new threats, and there’s a limit to what they can do to help. They’re also unlikely to help out for free.
If your business has been a victim of a DDoS attack, your reaction might be one of embarrassment. It’s tempting to try and hide the details of the attack to avoid reputational damage, but a report on the WireX attack suggests this is not only ill-advised but also impossible.
The report notes that DDoS attacks can no longer be hidden. Basically, if you’ve been hit by one, everyone is going to find out anyway. Trying to hide it is futile, but sharing the information could be a real help in preventing future attacks. As the report says, “There are few benefits to being secretive and numerous benefits to being forthcoming.”
Devices infected with DDoS software generally aren’t at risk, although an infection should make users think twice about what they’re downloading – next time you might not be so lucky.