An increase in DDoS attacks was one of the popular cybersecurity predictions last year. With the growth of the sharing economy, we've definitely seen an increase in both the number of attacks and the damage they cause. In fact, many of our customers have asked whether DDoS attacks on mobile apps are possible. The short answer is definitely yes. This post explains how these attacks on mobile apps work and how you can stay safe.
Let's start with some basics.
What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack is a type of cyber attack in which multiple computers or devices, usually infected with malware, act as a network of bots and flood a server with traffic to make it unusable.
What do DDoS Attacks on Mobile Apps Look Like?
Mobile apps, in general, are exposed to these dreaded attacks. In fact, mobile apps have also been used to control the mobile devices that perform such attacks. One reason mobile apps are susceptible is that it is easy for an attacker to profile the user, which greatly increases the probability of carrying out a successful DDoS attack through a mobile app.
Many social and sharing apps like Facebook, LinkedIn, Instagram, Uber, Ola, Airbnb, etc. are all susceptible to such attacks because it is easier to profile individual users through their mobile devices. Another thing about mobile apps is that, more often than not, they aren't very well secured. We've done detailed studies on security issues in banking apps as well as security issues in e-commerce apps and have found more than 80% of apps in both cases to be weak in security. Remember, all these apps involve transactions and money, so the expectation for security is far higher.
So what does a DDoS attack on mobile apps look like?
Well, take a really simple example: imagine someone built an app, put it on the mobile app store, and you as a user downloaded it. This app can either expose you to a DDoS attack or open up new security loopholes on your mobile device so that the device can be used in such an attack against some other server. This basically means the attacker has control over your device via the app that they built and you downloaded. Either way, you can be a victim of a DDoS attack or a source of one. Neither is a good sign.
DDoS attacks cause a lot of direct damage, especially to companies, since they block web traffic, leading to reduced revenue, and they also add a high cost in terms of remediation. Additionally, there's always the threat of losing the customer trust you've built over the years.
Numerous Apps Used to Launch DDoS Attack from Play Store
The WireX botnet (a collection of internet-connected devices) recently caused havoc around the world and disrupted many popular services. This was one of the first and biggest DDoS attacks launched from Android systems. The botnet was hidden within some 300 apps that were available officially on the Google Play Store. When users installed one of these apps, WireX added the individual mobile device to a larger network, which was then used to send junk traffic to certain websites in an effort to bring them down and make them unusable.
Google has removed roughly 300 apps from its Play Store after security researchers from several internet infrastructure companies discovered that the seemingly harmless apps—offering video players and ringtones, among other features—were secretly hijacking Android devices to provide traffic for large-scale distributed denial of service (DDoS) attacks.
Another large attack that caught everyone's attention last year was the Mirai botnet, which crippled the Internet and brought down sites such as Amazon, GitHub, PayPal, Reddit, and Twitter.
How to Prevent DDoS Attacks on Mobile Apps
So, what can you do to win the battle against these attacks? These rules apply to all mobile users, whether the device is for personal or enterprise use. Needless to say, they are even more important for enterprises because of the scale of the damage these attacks can cause.
Think Twice, Always: Sometimes an app might sound like it's too good to be true. It's always good to look at it with some skepticism. Before you go ahead and download the app, make sure you read some reviews, check the ratings and even do a quick Google Search to know if there's some history with this app that might be troubling.
Stay Updated: Always ensure your mobile operating system, as well as the apps on it, are regularly updated. Manufacturers, platforms and app developers work with security companies to identify security issues and push critical updates that fix these security bugs. You won't benefit from those fixes unless you install the update.
Choose Wisely: Always search a little more for the apps that you need for a particular purpose. If you see an app with bad reviews and ratings, a deeper search can help you find other apps with the same purpose but better.
Perform Security Audits: Try to establish multiple layers of security in your perimeter. As an enterprise, you can take advantage of the variety of sophisticated mobile app security solution providers to help with your security needs. As an individual user, ensure you have anti-malware apps on your mobile devices to help you detect any abnormalities.
With the vast amount of data flowing through the sharing economy, these apps are without a doubt a prime target for attackers, sometimes for ransom and sometimes just to disrupt services or exploit the personal data of millions of users.
Make sure you are aware of all the security risks. Ensure the same awareness for your employees as well as customers.