Dark Web DDoS Defense: EndGame

Cybercriminals not only launch cyberattacks; they are sometimes the target of them too, and that includes Distributed Denial of Service (DDoS) attacks. They can’t buy a solution from legitimate DDoS protection vendors, such as Corero. So, if a rival threat actor or a law enforcement agency knocks them offline with a DDoS attack, they have traditionally had to accept that it will interfere with their cybercrime agenda.

Digital Shadows, a cybersecurity research group, recently discovered that some bad actors have put their heads together and collaborated to build their own DDoS protection. According to SC Magazine, the filter mechanism is dubbed EndGame, and it is being advertised on the dark web community forum called Dread. It’s not as effective as commercial DDoS defense solutions, but it is bad news for law enforcement agencies because it can hamper their ability to disable dark web operations they uncover. It remains to be seen how many dark web platforms will use the EndGame mechanism, but it will likely make it easier for those that do to continue their nefarious enterprises.

What effects might this have on the DDoS landscape? A likely outcome is that it forces DDoS attackers to get even more innovative with the attack vectors they use against each other, as a way of ensuring they evade the EndGame defenses. And you can be quite certain that what they learn attacking each other is what they will then use to attack legitimate organizations. That’s troublesome news for organizations that rely on Internet uptime for business continuity, because the use of any new vectors can make it much more difficult to defend against DDoS attacks.

Cybercriminals are constantly trying new methods to evade DDoS and other security defenses. Whether EndGame prospers as a solution or not, you can be assured that threat actors are devising new attack vectors as a result. It is, therefore, critical to have a dynamic, intelligent DDoS solution in place that can automatically protect against attacks, even those that haven’t been seen before in the wild. Care should be taken to avoid the many DDoS solutions that rely solely on rigid filters and legacy techniques, which can only defend against attack vectors that have been seen previously.

To enhance its industry-leading protection, Corero created a patented, proprietary, heuristic-based detection and mitigation mechanism called a Smart-Rule, multiple variants of which are part of every SmartWall® DDoS protection solution. The Smart-Rules continuously and automatically inspect every packet, looking for those that exhibit specific traits, or indicators, which identify them as potential members of a DDoS attack. When repeated packets share the same characteristics, SmartWall is able to accurately convict them as part of a DDoS attack and automatically block them, even if that specific packet type has never been seen before.
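As an added illustration of the general idea described above (it is not Corero’s patented Smart-Rule logic, which the post does not disclose), the Python below reduces each packet to a tuple of header traits and convicts any trait combination that repeats beyond a threshold within a window, without consulting any list of known attack types. The packet records, field set and thresholds are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet record holding only the header fields used below."""
    src: str
    proto: str
    dst_port: int
    length: int
    ttl: int
    flags: str = ""  # TCP flag letters, empty for UDP


def fingerprint(pkt: Packet) -> tuple:
    """Traits a flood tool tends to repeat exactly while real clients vary them.
    The source address is left out on purpose: flood sources are many or spoofed."""
    return (pkt.proto, pkt.dst_port, pkt.length, pkt.ttl, pkt.flags)


def convict(window, min_count=20, min_share=0.5):
    """Return the fingerprints to block for this window: any trait combination
    seen at least min_count times AND making up at least min_share of the
    window's packets. Nothing here depends on having seen the vector before."""
    counts = Counter(fingerprint(p) for p in window)
    total = len(window)
    return {fp for fp, n in counts.items()
            if n >= min_count and n / total >= min_share}


def filter_window(window, **thresholds):
    """Apply the verdict to the window; returns (passed, dropped) packet lists."""
    blocked = convict(window, **thresholds)
    passed = [p for p in window if fingerprint(p) not in blocked]
    dropped = [p for p in window if fingerprint(p) in blocked]
    return passed, dropped


# Constructed sample window: varied legitimate DNS and HTTPS traffic plus a
# flood of identical 1400-byte UDP packets to port 53 from many spoofed sources.
LEGIT = [
    Packet("198.51.100.7", "udp", 53, 78, 64),
    Packet("198.51.100.9", "udp", 53, 91, 57),
    Packet("203.0.113.4", "tcp", 443, 60, 118, "S"),
    Packet("203.0.113.5", "tcp", 443, 1200, 52, "PA"),
    Packet("203.0.113.6", "tcp", 443, 52, 63, "A"),
    Packet("198.51.100.12", "udp", 53, 83, 49),
]
FLOOD = [Packet(f"192.0.2.{i}", "udp", 53, 1400, 250) for i in range(40)]
WINDOW = LEGIT + FLOOD
```

Tuning the thresholds against a site's normal traffic mix is the real work; too low a share threshold convicts legitimate bursts, too high lets a slow flood through.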

DDoS attacks are increasing in frequency, sophistication, and automation, making it necessary to have real-time, automated DDoS protection as a part of any cybersecurity defenses.

For over a decade, Corero has been providing state-of-the-art, highly effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments, and are offered in a range of deployment models. If you’d like to learn more, please contact us.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean’s previous roles include network security Global Product Manager for Cisco, which he joined as part of its acquisition of cybersecurity vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.