15 Leading DDoS-for-Hire Sites Shut Down by Authorities

Just a few days before the busiest holiday season, the Federal Bureau of Investigation (FBI) shut down 15 websites that offered DDoS-for-hire services.

Following the seizure warrants issued by the U.S. District Court for the Central District of California, the FBI shut down 15 sites offering DDoS-for-hire services. These 15 DDoS-for-hire sites, including downthem.org and quantumstress.net, represent some of the world’s leading DDoS-for-hire services, the FBI said in a statement.

According to the FBI, the 15 DDoS-for-hire sites that were taken down were responsible for DDoS attacks directed at victims in the U.S. and abroad, including financial institutions, universities, internet service providers, government systems, and various gaming platforms.

Between October 2014 and November 2018, the FBI said, Downthem’s database showed it had more than 2,000 customer subscriptions, which resulted in over 200,000 attempted or successful DDoS attacks. The FBI added that another DDoS-for-hire site, quantumstress.net, had over 80,000 customer subscriptions from 2012 up to November 29 of this year. In 2018 alone, the law enforcement agency said, Quantum was used to launch more than 50,000 attempted or successful DDoS attacks.

DDoS-for-Hire Services

DDoS-for-hire services, also known as “booter” or “stresser” services, are services offered online that allow paying customers to launch powerful distributed denial-of-service (DDoS) attacks against a chosen target. In a DDoS attack, a chosen target – typically a website – is flooded with malicious traffic, preventing legitimate users from accessing the site.

A DDoS-for-hire service is also known as a booter service because this particular cyber-attack results in the kicking or “booting” of the targeted site off the internet. A DDoS-for-hire service is also called a stresser service because it is oftentimes advertised as a legitimate service for online infrastructure stress tests. It’s worth noting that DDoS, on its own, isn’t illegal. It only becomes illegal when the DDoS attack is done without the site owner’s permission.

Malicious DDoS attacks are costly for the victims. These attacks can render a site slow or inaccessible. As a result, legitimate users are prevented from accessing online resources, which disrupts business activities, leads to significant remediation costs for the victim organizations, and causes impacted organizations to lose customers.

A notable example of a DDoS attack was directed against Dyn – a domain name service (DNS) provider. The DDoS attack against Dyn on October 21, 2016 rendered 80 popular websites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix, inaccessible to the public. “We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets,” Dyn said in a statement.

DDoS Botnets

Mirai, referred to by Dyn, is malicious software (malware) that infects Internet of Things (IoT) devices such as routers and security cameras and turns these infected devices into a botnet – a group of infected computing devices remotely controlled by an attacker or attackers to commit cyber-attacks, including DDoS attacks.

According to the U.S. Department of Justice, at its peak, Mirai infected more than 100,000 IoT devices and turned them into a botnet. Three college-age friends, Paras Jha, Josiah White and Dalton Norman, admitted to collectively creating Mirai. The Department of Justice said that the involvement of Jha, White and Norman with Mirai ended when Jha leaked the source code of Mirai online.

The publication of the Mirai source code on September 30, 2016 has led to the creation of a number of copycat versions of Mirai. Last month, researchers at Netscout observed that a new Mirai variant infects enterprise Linux servers running Apache Hadoop YARN. Turning hundreds of thousands or millions of IoT devices, or even a handful of enterprise servers, into a DDoS botnet is dangerous, as their collective DDoS impact is enormous and could knock a number of websites offline.

In the case of the original Mirai, attackers were able to infect hundreds of thousands of IoT devices by automating the login process using 61 default credentials – username and password combinations that users neglected to change or that were too difficult for some people to change. The Mirai variant that infects enterprise Linux servers running Apache Hadoop YARN, meanwhile, compromised these servers by exploiting unpatched Linux servers running Apache Hadoop YARN, and through brute force – the systematic attempt to guess the correct username and password combination.
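Automated login attempts of the kind described above leave a recognizable trail in authentication logs: one source trying many different usernames in quick succession, sometimes ending in a successful login. The following detection sketch is an added example, not part of the original article; it assumes OpenSSH-style `sshd` log lines, and the sample log, hostnames, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd style (documentation IP ranges).
SAMPLE_LOG = """\
Dec 20 03:11:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec 20 03:11:02 cam01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Dec 20 03:11:03 cam01 sshd[811]: Failed password for invalid user support from 203.0.113.7 port 40126 ssh2
Dec 20 03:11:04 cam01 sshd[811]: Failed password for invalid user guest from 203.0.113.7 port 40128 ssh2
Dec 20 03:11:05 cam01 sshd[811]: Accepted password for root from 203.0.113.7 port 40130 ssh2
Dec 20 09:30:10 cam01 sshd[902]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Dec 20 09:30:18 cam01 sshd[902]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

LINE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_credential_sweeps(log_text, min_failures=3, min_users=3):
    """Flag source IPs that fail logins across several distinct usernames.

    Returns {ip: {"failures", "users", "login_after_sweep"}}. A non-None
    "login_after_sweep" means a guess succeeded and the host needs triage.
    Thresholds are illustrative; no time window is applied in this sketch.
    """
    failures = defaultdict(list)   # ip -> usernames tried, in order
    accepted = {}                  # ip -> account that logged in after a sweep

    def is_sweep(tried):
        return len(tried) >= min_failures and len(set(tried)) >= min_users

    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
        elif is_sweep(failures[ip]):
            accepted.setdefault(ip, user)

    return {
        ip: {"failures": len(tried), "users": sorted(set(tried)),
             "login_after_sweep": accepted.get(ip)}
        for ip, tried in failures.items() if is_sweep(tried)
    }
```

A single mistyped password followed by a successful login, as with the second source in the sample, stays below both thresholds and is not flagged.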

Cyber Security Best Practices

Here are some best practices to protect your organization’s computing devices, including servers, routers and security cameras, from being turned into part of a botnet for DDoS attacks:

Change Default Username and Password Combinations

It’s important to change default username and password combinations, as these are often used by cyber criminals as an entry point to infect computing devices and turn them into part of a DDoS botnet.

Keep All Software Up-to-Date

It’s important to install all software security updates in a timely manner as these updates close the vulnerabilities that are known or publicly exploited by cyber criminals. Failing to install these security updates leaves your organization’s computing devices open to cyber-attacks.

Implement Network Segmentation

Network segmentation is the practice of isolating computing devices, including servers and IoT devices, on their own protected networks. Network segmentation or isolation ensures that if a certain network is infected with malware, the other networks won’t be infected.

To protect your organization’s website or websites against DDoS attacks, it’s important for your organization to have easy-to-use, cost-effective and comprehensive DDoS protection.

Speak with one of our security experts today and protect your data.
