One of the most constant threats faced by website, web applications, and online infrastructure operators are the so called denial-of-service (DoS) attacks. According to cyber forensics course specialists, threat actors are always trying to develop methods to deploy these kinds of attacks, so it is necessary to stay one step ahead of hackers.
Recent research has revealed a new method for
deploying these attacks; during a DoS attack incident originated in Asia, it
was discovered that the attackers used the <a> tag ping, a common HTML5
attribute, to make the users participate in a DoS attack without their
knowledge, generating over 70 million of requests within four hours for a
single website.
This is a one of a kind attack variant because,
instead of exploiting a known vulnerability, hackers turn a legitimate feature
into a hacking activity tool. The researchers also found that most of the
victims were users of QQBrowser, a mobile browser developed by the Chinese
company Tencent employed almost exclusively by the Asian giant population.
Ping is a command in HTML5 that specifies a
list of URLs to notify if the user follows a hyperlink. When the user clicks on
the hyperlink, a POST request is sent to the specified URLS, the cyber
forensics course specialists mentioned. This attribute is useful for website
administrators to track interactions that achieve a link.
These kinds of notification services are nothing
new. WordPress, for example, has the Pingback function, which notifies web site
administrators when someone clicks on a link on the site. Multiple hacker
groups have repeatedly used this feature to deploy DoS attacks, sending
millions of requests to vulnerable WordPress deployments.
In addition to using the ping HTML5, this DoS attack
also turned to mobile device users in a single region of the world; Specialists
point out that it is very rare for attackers to focus on the users of a single
mobile browser service.
According to cyber forensics course specialists
from the International Institute of Cyber Security (IICS), it is possible that
attackers used a combination of social engineering and malvertising to deceive
users of WeChat,
a messaging service from China, to deploy the attack. This would explain why
the massive presence of mobile browser QQBrowser as victims of the attack.
