It appears Mirai may have some competition. And its name is WireX. Google recently removed roughly 300 apps from its Play Store after researchers found that the apps in question were secretly hijacking Android devices to feed traffic to wide-scale distributed denial of service (DDoS) attacks against multiple content delivery networks (CDNs) and content providers.
The WireX botnet is to blame. Akamai researchers first discovered WireX when it was used to attack one of its clients, a multinational hospitality company, by sending traffic from hundreds of thousands of IP addresses. The malicious applications in question included media and video players, ringtones and other tools like storage managers. The nefarious apps contained hidden malware that could use an Android device to participate in a DDoS attack as long as the device was powered on.
It’s unclear how many devices were infected – one researcher told KrebsOnSecurity that WireX infected a minimum of 70,000 devices, but noted that estimate is conservative. It is believed that devices from more than 100 countries were used to participate in the attacks.
Protecting Mobile Networks From Weaponised Smartphones
WireX, much like its predecessor Mirai, illustrates the importance of protecting your network and applications from attacks. Large-scale attacks can come from anywhere, even a botnet comprising tens of thousands of Android devices. As these types of attacks grow in frequency, sophistication and size, organisations need solutions in place to stop them before they have the opportunity to wreak havoc.
WireX is unique in that it introduces a new threat: weaponised smartphones, which present billions of endpoints ripe for infection that can propagate bad agents across a mobile network. Traditionally, mobile and service provider networks are protected against attacks that come in through the Internet. However, many critical components are left unprotected based on the assumption that attacks will be stopped at the Internet edge. Attacks like WireX change this paradigm.
WireX proves that attacks can originate from inside a mobile network as well, and a few thousand infected hosts can affect the brain of a mobile network. These infected smartphones will eventually start to attack the critical components of mobile networks, and the potential fallout from that could be tremendous.
Attacks like WireX reinforce the need for service providers to protect their key assets on all fronts – not just from attacks from the outside, but from the inside as well.
To combat attacks like WireX, service providers and mobile network operators need an intelligent, scalable DDoS defence solution between smartphones and the mobile network infrastructure, both internal and external. To address this sophisticated type of attack, a modern DDoS solution requires intelligence to understand the changing nature of a polymorphic attack, which can change signatures and vary headers, like those launched by WireX.
Placing high-performance, scalable and intelligent threat protection in the mobile network will help service providers defend against these billions of weaponised endpoints and empower them to detect online threats and multi-vector attacks, learn from them and, most importantly, stop them.