DDOS Attack with Mobile BOTNET
Smart mobile devices are used by billions of people around the world. Their usage rates have increased with the development of advanced capabilities and technologies such as the internet, the Global Positioning System (GPS), wireless communications and health applications. The increased use of mobile devices has, in turn, increased malware developers' interest in this area. These devices, which serve a wide range of uses in many fields, have become a target of malicious software because the security of mobile operating systems is still at a developing stage. Even so, they are seen to have weaker security policies than computers. It has also been found that mobile users, compared with computer users, do not pay enough attention to security updates and security applications. ANDROID and iOS are the most popular mobile operating systems in the industry. ANDROID continues to be a target of malware developers because it is open source and holds a large share of the smart device market. One of the most dangerous threats to have emerged recently against ANDROID devices is the BOTNET attack. This article presents, with examples, a definition of mobile BOTNET attacks, an analysis of the existing BOTNET families, and their use for DDOS purposes. By analyzing these examples, the common attributes and behaviors of BOTNET attacks will be revealed. This is intended to raise user awareness, so that users apply the necessary security updates on their devices and take more care with software obtained from unofficial application stores.