Botnets pose an increasingly serious threat as connected devices are emerging at a fast and constant rate, creating a vast attack surface.
A formidable botnet called WireX targeting Android devices to launch DDoS attacks has been traced, with a team of high profile members banding together to tackle the threat.
Along with Google and Akamai, Oracle Dyn, Cloudflare, Flashpoint, and RiskIQ are also contributing to the effort to take the fight to WireX.
The botnet has found to be targeting content providers and content delivery networks. Google is at the core of this initiative because its own Play Store was found to be carrying the malicious threat.
Following this discovery, a major application exodus took place, and Google is now turning to eradicate WireX from devices.
A blog post from the consortium on the attack said: “The first available indicators of the WireX botnet appeared on August 2nd as minor attacks that went unnoticed at the time. It wasn’t discovered until researchers began searching for the 26 character User-Agent string in logs. These initial attacks were minimal and suggest that the malware was in development or in the early stages of deployment. More prolonged attacks have been identified starting on August 15th, with some events sourced from a minimum of 70,000 concurrent IP addresses, as shown in Figure 1.”
Botnets are taken extremely seriously, with memories of the notorious Mirai Botnet still haunting many. The huge influx in the use of connected devices has increased the scale and accelerated the advance of the threat.
“These discoveries were only possible due to open collaboration between DDoS targets, DDoS mitigation companies, and intelligence firms. Every player had a different piece of the puzzle; without contributions from everyone, this botnet would have remained a mystery,” the blog post continued.
This marks yet another instance in which collaboration is proving to be essential for the purpose of security, with the tactics of walls and shields surrounding an organisation relegated to the past.
The blog post concluded: “The best thing that organizations can do when under a DDoS attack is to share detailed metrics related to the attack. With this information, those of us who are empowered to dismantle these schemes can learn much more about them than would otherwise be possible.”