IoT Devices Are Powering Affordable DDoS-for-Hire Services
For as long as there has been cyber crime, there have been illegal exploit kits for sale.
Sure, these vary from the elementary to the advanced, but the malicious tools needed to commit cyber crime, theft, hacktivism or participate in run-of-the-mill online havoc are only a click away.
But the raw power, scale and sophistication for sale via those clicks is growing at unprecedented rates. The catalyst for this momentum is, yet again, unsecured Internet of Things (IoT) devices. This is known as the DDoS of Things (DoT).
It’s the focus of a compelling Network World/CSO feature, “Hire a DDoS service to take down your enemies.” Network World and CSO editor Ryan Francis outlines the many ways cyber criminals are able to cleverly leverage and repackage cyber-attack tools, specifically DDoS weapons.
Capitalizing on the ease of building global botnets via new strands of publicly available malware (e.g., Mirai, Leet), threat actors, criminals and hackers are marketing DDoS-for-hire services to anyone with a few dollars in online currency.
While all manners of online weapons are available for sale, DDoS-for-hire services are typically labeled as ‘stressers’ or ‘booters.’ Regardless of nomenclature, they’re the same thing. Some criminal outfits like to use the ‘stresser’ term to thinly veil their service as a legitimate testing tool.
“Basically everything is for sale,” A10 Networks Director of Cyber Operations Dr. Chase Cunningham told CSO. “You can buy a ‘stresser’, which is just a simple botnet type offering that will allow anyone who knows how to click the start button access to a functional DDoS botnet.”
From there, the user has access to massive global botnets capable of launching global DDoS attacks at organizations, online services, gaming platforms, etc.
Most of these services use SaaS-based subscription models, wrote Francis. His story notes that most services cost about $30-40 a month and include tools and 24-7 support. Prices go up based on attack duration, throughput, subscriptions length and tools included.
Cunningham predicts that cyber criminals will soon give everyday buyers options to specifically purchase IoT-based traffic to push their DDoS attacks to greater capacity thresholds.
“I haven’t seen many yet that specifically include the option to ‘purchase’ an IoT-specific traffic emulator, but I’m sure it’s coming,” Cunningham told CSO. “If it were me running the service, I would definitely have that as an option.”
DDoS Protection Solutions
To prevent large-scale DDoS attacks, enterprises, service providers and security-conscious organizations can implement A10 Thunder TPS, a line of high-performance DDoS protection solutions that detect and mitigate multi-vector DDoS attacks at the network edge, functioning as a first line of defense for your network infrastructure.