Industry collaboration disrupted WireX botnet, global DDoS attack

On the 29th of August, researchers from Akamai, Cloudflare, Flashpoint and RiskIQ published a joint breaking-news blog post about the WireX botnet and how it was used in a volumetric DDoS attack against multiple content delivery networks (CDNs) and content providers on August 17th, 2017. The botnet consists primarily of Android devices running malicious applications and is designed to create DDoS traffic; it is also sometimes associated with ransom notes to targets.

The first available indicators of the WireX botnet appeared on August 2nd, as minor attacks that went unnoticed at the time. On August 17th, researchers from the four companies above, with input from multiple organisations, began sharing information and used their combined knowledge to research the botnet and the attacks, disclose their findings to Google, help with mitigation, and ultimately destroy the botnet. Once Google was alerted that this malware was in its Play Store, it swiftly took action to remove hundreds of affected applications and started removing the applications from all devices.

For the full research report and list of contributors, as well as Google’s statement, read the blog: https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html

Please see below supporting quotes from each research team. Nick Rieniets, Senior Security Specialist at Akamai Australia and New Zealand, is also available for interviews.

SUPPORTING QUOTES

Akamai:

“Only by truly understanding what’s happening on the Internet are you able to make it safer. And trusted information sharing groups are one of the best ways to foster that understanding. In the case of the WireX botnet, a direct result of our information sharing and other research collaboration was our ability to fully uncover what made this malicious software tick in a much more timely manner. Working together to fight these threats benefits not only our collective customers, but also Internet users as a whole,” Jared Mauch, Senior Network Architect and Security Researcher, Akamai.

Cloudflare:

“Cloudflare worked in collaboration with industry partners to identify and take steps to disrupt the very dangerous WireX botnet. The WireX botnet is particularly significant as it’s one of a handful of Android mobile device botnets used for DDoS attacks. Cloudflare’s mission is to help build a better Internet, and this time, the most effective way to protect Internet users as a whole involved cross-industry collaboration. I’m proud of our research team and the researchers who worked together to rapidly investigate and mitigate this dangerous new discovery,” said Matthew Prince, co-founder & CEO of Cloudflare.

Flashpoint:

“This research is exciting because it’s a case study in just how effective collaboration across the industry is. This was more than just a malware analysis report. The working group was able to connect the dots from the victim to the attacker. The group also used the information to better mitigate the attack and dismantle the botnet — and this was completed very quickly,” said Allison Nixon, Director of Security Research, Flashpoint. “A botnet of this extreme size is concerning for the sake of the Internet as a whole. I want to especially thank the organizations who are attacked with DDoS traffic and are kind enough to share detailed information about the attacks. These contributions are vitally important to dealing with these global threats.”

RiskIQ:

“The WireX botnet operation shows the value of a collaborative response from security firms, service providers, and law enforcement,” said Darren Spruell, threat researcher at RiskIQ. “Our ability to provide support to the response effort is enabled by insight and intelligence driven by our broad internet data collection. WireX abuse involves the global DNS, content delivery networks, malicious mobile apps, web hosting and the ads ecosystem. Being able to supply insight into the many complexities of modern criminal operations and gain valuable intelligence on various facets is one way that RiskIQ provides value to our partners and customers.”
