Mobile Ad Networks as DDoS Vectors: A Case Study

CloudFlare recently experienced a large-scale HTTP flood attack originating from millions of legitimate-looking HTTP requests issued by real browsers. The attack was unusual as it appeared to be browser-based and targeted one of their customers' servers with over 275,000 HTTP requests per second. The investigation revealed that the malicious script causing the flood was launched through an ad network, likely embedded in mobile apps or websites viewed by users. This type of attack presents a significant threat to internet security as it is difficult for small website operators to defend against such sophisticated attacks. However, CloudFlare's infrastructure can handle these types of floods automatically without affecting their customers' servers.