If you partake in fairly current movies, television shows, games, and books, it’s likely you’ve seen (and maybe even believed?) the stereotypes often associated with threat actors. They’re often portrayed as antisocial/awkward geniuses (think “Mr. Robot” and “The Girl with the Dragon Tattoo”), super-sleuth law enforcement types (think “Untraceable”), and even groups formed to take down/assist government organizations (think “Homeland” and “24”).
And although those entertainment options sometimes provide interesting/enjoyable/ridiculous narratives, the reality is that cyberattacks can be launched with much less effort via underground DDoS-for-hire services.
In fact, many such services now allow people to test distributed denial-of-service (DDoS) attack vectors before paying, via some form of digital currency or cryptocurrency, to increase attack potency. Attacks can be waged against layers 3, 4, and 7, and they can target specific applications and games and even include methods for bypassing standard anti-DDoS measures.
NETSCOUT’s ATLAS Security Engineering & Response Team (ASERT), a group of world-class security researchers and analysts, researched the activities of 19 such services that collectively claim to have successfully launched more than 10 million DDoS attacks.
What's for Sale?
DDoS-for-hire platforms and botnets are being used to launch a plethora of “services,” ranging from free tests to multivector attacks. ASERT evaluated the kinds of attacks being launched to better understand the platforms being used, their capabilities, the purported number of users, and the costs to launch attacks.
Although some of these services have static pricing models, many allow for custom configurations based on duration, concurrent tests, and power, which is viewed as bandwidth and throughput. The costs for such services range dramatically. On one end of the spectrum, there are free tests. At the other end, there are full attacks for as much as $6,500.
As we described in the 1H 2021 Threat Intelligence Report, some of these services offer “blacklists” or delisting services to prevent attacks against subscribers. One example of this can be found on Booter.sx, where adversaries offer a temporary or permanent option for delisting IPs. Not surprisingly, there is no guarantee that purchasing such a “service” prevents an attack.
Nearly every DDoS-for-hire service offers some form of free DDoS attack capability; indeed, just these 19 platforms proffer more than 200 different attack types, with a range of costs. Despite the incredible diversity of these platforms, most attack types can be mitigated using standard defensive practices.
Learn more about the attack options made possible via DDoS-for-hire services, and the ways you can protect against them, in the 2H 2021 Threat Intelligence Report.