Researchers at CloudFlare spotted a distributed denial-of-service (DDoS) attack that used mobile device browsers to flood a site with 4.5 billion requests.
The attack was recorded in late August and targeted a CloudFlare customer based in China. The browser based Layer 7 flood peaked at 275,000 HTTP request per second and was issued by 650,000 unique IPs, according to a blog post.
More than 99 percent of requests came from a Chinese IP address and nearly 80 percent came from mobile devices. Mobile versions of the Xiaomi’s MIUI browser,Safari, Chrome, and Tencent’s QQBrowser were used in the attack.
“Strings like ‘iThunder’ might indicate the request came from a mobile app. Others like ‘MetaSr’, ‘F1Browser’, ‘QQBrowser’, ‘2345Explorer’, and ‘UCBrowser’ point towards browsers or browser apps popular in China,” the post said.
Researchers said they were confident the attack didn’t involve a TCP (transmission control protocol) packet injection.
“Attacks like this form a new trend,” the post said. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”
“We are unable to attribute the attack to a source,” Marek Majkowski, a researcher with CloudFlare, told SCMagazine via email correspondence. “One trend we have seen is that DDoS attacks are a big problem in China, even more so than in the North America.”
UPDATE: This article has been updated to include comments from CloudFlare