Takedown of DDoS-for-Hire domains demonstrates changing field
Maintaining a strong, versatile stance on the nature of cybersecurity requires understanding threats and trends. But the thing is, gone are the days where problems are only a form of anti-virus or email scam. Today, malware, ransomware, DDoS, and all forms of cybercrime come in the form of services, provided by vendors like you would purchase a subscription or product.
This is an important characteristic of contemporary cybercrime. It’s no longer a matter of simply launching a virus or taking advantage of breach events, it’s a service, a marketplace, and for worse, an industry. It does two things: normalizes the dangers of incredibly dangerous malware variants, and makes them easily accessible to non-experts. For threat actors, a background in coding or software engineering is no longer necessary to acquire dangerous digital weapons.
It’s a rapidly expanding problem, one that can impact millions of people.
DDoS as a Purchased Service
An example of malicious resources purchased as a service is a recent arrest involving DDoS-For-Hire scams. As the name implies, individuals would contact malicious third parties offering DDoS-based attacks and hire them just as you might with any regular service, contractor, or vendor.
Specifically, 48 websites were seized by the FBI concerning DDoS-For-Hire attacks, with six suspects charged for accused ownership of the domains.
As the name implies, a user could purchase the service to overwhelm a target system or network with traffic and render them inoperable for a duration. Typically, performing this operation requires significant computational resources and people, but was weaponized at the behest of the purchasers.
The suspects were involved with several websites which hid under the guise of “testing” websites, or domains meant to test the network of a target company or person. Instead, they applied DDoS attacks to target networks and had no shortage of victims. The following report by the FBI and Department of Justice noted millions of individuals were impacted by the DDoS attacks, ranging from games media platforms, school networks, and government agencies.
It’s not a recent strain of attacks, either. Investigations revealed 30 million DDoS service-based attacks were carried out from 2014 to 2022, a dangerous 8-year operation. And, it’s only one cell of cybercriminal activity, other DDoS-for-Hire services do exist.
The DDoS websites involved in the attacks were such names as SecurityTeam, RoyalStressor, Booter, IPStressor, and TrueSecurityServices. Again, each attempted to feign operating as a legitimate organization, demonstrating that threat actors are emboldened to hide in plain sight.
Paying for an Established Network
One characteristic of the attackers and associated attack websites is, unsurprisingly, the trend of using cryptocurrency for payment options. This fits neatly with crypto used as the go-to for threat actors, given its difficulty to trace and ease of shifting thousands to millions in seconds.
Furthermore, the reason these attacks and other malware service vendors are so popular is established resources, essentially networks that are targeted by threat actors or already infected with the means to compromise them.
It demonstrates how attackers take advantage of entrenched resources and rely on years’ worth of compromised devices, networks, and systems. Worse yet, because these resources are sold in services, there are higher risks and higher chances to be the source of an attack. Today, attackers have options, whether they wish to pursue actions individually or contract a service. It paints a different picture, transforming the malware space into a market instead of a “dark web” characteristic.
As the threat market shifts and malicious software or services are offered as a product, we have to take note of how the malware world is changing. As such, preparing for the future and equipping ourselves with proper defensive tools can make all the difference.
Bytagig is dedicated to providing reliable, full-scale cyber security and IT support for businesses, entrepreneurs, and startups in a variety of industries. Bytagig works both remotely with on-site support in Portland, San Diego, and Boston. Acting as internal IT staff, Bytagig handles employee desktop setup and support, comprehensive IT systems analysis, IT project management, website design, and more. Bytagig is setting the standard for MSPs by being placed on the Channel Future’s NexGen 101 list.