The experts explained that the DDoS attack relied on a JavaScrip that generates legitimate HTTP requests.
The possible exploitation of ad network was discussed two years ago at the Black Hat conference by the experts Jeremiah Grossman and Matt Johansen.
Unfortunately, this kind of DDoS attack is being popular in the hacking community, in April security researchers from the University of California at Berkeley and the University of Toronto have uncovered a powerful weapon of the Chinese Government cyber arsenal, dubbed the Great Cannon, used to hit websites with powerful DDoS attacks. The Great Cannon has been used by Chinese authorities to knock-out two anti-censorship GitHub pages and it can be also used as a hacking tool to silently install malware on the targeted machine.
Another similar DDoS attack was uncovered last week, experts at Imgur discovered that a vulnerability in the platform was exploited by attackers to target the imageboards 4chan and 8chan.
Now, CloudFlare noticed a large number of HTTP requests addressing one of its customer’s website, the DDoS attack peaked at over 1 billion requests per hour. The experts observed a total of 4.5 billion requests reaching the content delivery network’s servers on the day of the attack.
The overall number of unique IP addresses originating the requests is 650,000, 99.8 percent these addresses belong to China.
Experts at CloudFlare discovered that nearly 80 percent of the requests were originated from mobile devices (mobile apps and browsers commonly used by Chinese users).
“Attacks like this form a new trend,” states a blog post published by CloudFlare. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”
CloudFlare researchers excluded that the DDoS attack was conducted by injecting TCP packets like observing in the DDoS attack conducted by the Great Cannon.
CloudFlare provided the following description for the attack scenario:
(Security Affairs – DDoS, Java Script)