Hackers deceive millions of mobile device users to launch massive DoS attack

One of the most constant threats faced by operators of websites, web applications, and online infrastructure is the so-called denial-of-service (DoS) attack. According to cyber forensics course specialists, threat actors are always trying to develop methods to deploy these kinds of attacks, so it is necessary to stay one step ahead of hackers.

Recent research has revealed a new method for deploying these attacks. During a DoS attack incident that originated in Asia, it was discovered that the attackers used ping, a common HTML5 attribute of the <a> tag, to make users participate in a DoS attack without their knowledge, generating over 70 million requests within four hours against a single website.

This is a one-of-a-kind attack variant because, instead of exploiting a known vulnerability, the hackers turn a legitimate feature into an attack tool. The researchers also found that most of the victims were users of QQBrowser, a mobile browser developed by the Chinese company Tencent and used almost exclusively by the population of the Asian giant.

Ping is an attribute in HTML5 that specifies a list of URLs to notify if the user follows a hyperlink. When the user clicks on the hyperlink, a POST request is sent to the specified URLs, the cyber forensics course specialists mentioned. This attribute is useful for website administrators to track interactions with a link.
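As an added example (not from the original report or the researchers), the following JavaScript shows how a site operator could recognise these notification requests on the server side and see which pages they come from. It relies on the HTML standard's definition of the request (a POST with Content-Type text/ping, a Ping-To header and an optional Ping-From header); the function names and the sample traffic are constructed for illustration.

```javascript
// Added example: server-side recognition of hyperlink-auditing ("ping") requests.
// Per the HTML standard, a browser honouring the ping attribute sends a POST
// with Content-Type: text/ping and a Ping-To header; Ping-From (the page that
// held the link) is present in some cases and omitted in others.

function headerMap(headers) {
  // HTTP header names are case-insensitive, so normalise them to lowercase.
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = String(v);
  return out;
}

function isPingRequest(req) {
  if (String(req.method).toUpperCase() !== 'POST') return false;
  const h = headerMap(req.headers);
  // Drop any parameters such as "; charset=..." before comparing.
  const ctype = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  return ctype === 'text/ping' || 'ping-to' in h || 'ping-from' in h;
}

function summarise(requests) {
  // Count ping requests and group them by the page that generated them.
  const summary = { total: requests.length, pings: 0, bySource: {} };
  for (const req of requests) {
    if (!isPingRequest(req)) continue;
    summary.pings += 1;
    const from = headerMap(req.headers)['ping-from'] || '(no Ping-From)';
    summary.bySource[from] = (summary.bySource[from] || 0) + 1;
  }
  return summary;
}

// Constructed sample traffic (hypothetical hosts), not data from the incident.
const SAMPLE = [
  { method: 'POST', headers: { 'Content-Type': 'text/ping',
      'Ping-From': 'http://page.example/a', 'Ping-To': 'https://site.example/' } },
  { method: 'POST', headers: { 'content-type': 'TEXT/PING; charset=utf-8',
      'ping-from': 'http://page.example/a', 'ping-to': 'https://site.example/' } },
  { method: 'POST', headers: { 'Content-Type': 'text/ping',
      'Ping-To': 'https://site.example/' } },            // Ping-From omitted
  { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' } },
  { method: 'GET',  headers: { 'Ping-To': 'https://site.example/' } }, // not a POST
];

console.log(summarise(SAMPLE));
```

A site that does not use the ping attribute for its own analytics has no legitimate reason to receive such requests, so the same check can feed a block rule at the web server or edge.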

These kinds of notification services are nothing new. WordPress, for example, has the Pingback function, which notifies website administrators when someone clicks on a link on the site. Multiple hacker groups have repeatedly used this feature to deploy DoS attacks, sending millions of requests to vulnerable WordPress deployments.

In addition to using the HTML5 ping attribute, this DoS attack also relied on mobile device users in a single region of the world; specialists point out that it is very rare for attackers to focus on the users of a single mobile browser service.

According to cyber forensics course specialists from the International Institute of Cyber Security (IICS), it is possible that attackers used a combination of social engineering and malvertising to deceive users of WeChat, a messaging service from China, to deploy the attack. This would explain the massive presence of users of the mobile browser QQBrowser among the victims of the attack.