Defending Against DDoS-for-Hire Hackers

According to a recent article in Bitdefender, there is one less cybercriminal on the loose, after a United States court sentenced a 21-year-old Illinois man to 13 months in prison for operating a booter-stresser service. The service had been used to launch an incredible 3.8 million distributed denial of service (DDoS) attacks in just 12 months. The “customers” of his service needed no coding ability or DDoS knowledge, just a means of payment. DDoS-for-hire prices on the Dark Web range from fifty to thousands of dollars, depending on the scale of the attack. Any organization can be the target of DDoS these days, because it is so easy and inexpensive for a competitor, disgruntled customer, employee, campaigner, or other adversary to use a DDoS-for-hire service.

Attacks Don’t Discriminate

The Bitdefender article alludes to one DDoS attack on a school district in Pittsburgh, Pennsylvania, that impacted 17 other systems; this illustrates the point that DDoS attacks are often quite indiscriminate and can create significant collateral damage. That is, an attack on one target may also impact other systems and organizations that use the same IT infrastructure.

This is particularly true if the target of an attack is an Internet Service Provider or Hosting Provider, because they have so many downstream customers. For example, a couple of weeks ago the South African ISP Cool Ideas suffered a 300 Gbps attack. To better handle such attacks in the future, Cool Ideas reportedly said, “We will still keep using our additional capacity and existing detection and scrubbing systems, but if a larger volume attack happens we will be able to hand-off the bulk of it to a more specialised provider.” It’s impossible to know exactly how Cool Ideas defends its network, but if it relies mainly on a scrubbing center approach, that has some significant disadvantages.

Legacy DDoS Defense Systems

Out-of-band scrubbing centers are legacy anti-DDoS solutions in which IT security teams observe suspicious or attack traffic and re-route that traffic to a scrubbing center, which attempts to remove the bad packets and return the good, legitimate traffic to its intended target. A significant limitation of this approach is the often lengthy delay between detection of the attack and the moment the actual remediation begins. This approach is also typically resource-intensive and expensive, because it requires highly trained personnel to monitor traffic 24/7. It is also prone to error, because human security analysts cannot react fast enough to modern multi-vector DDoS attacks, and because the attacks are often short in duration and relatively small in volume. Even these short, sub-saturating attacks are cause for concern: they degrade network performance and make applications and services unreachable, which can still lead to lost revenue and reputation damage for organizations that rely on the Internet to do business.
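To put numbers on the detection-delay problem, here is an added illustration (not Corero code, and not from the Bitdefender article) that models a detect, re-route, scrub workflow against a constructed short, sub-saturating burst. The link capacity, burst profile and the delay figures are all assumptions chosen to show the effect, not measurements.

```python
"""Model of why a detect -> re-route -> scrub workflow misses short floods.

Added example; every number here is a constructed assumption.
"""
from dataclasses import dataclass

LINK_GBPS = 10.0  # assumed capacity of the protected link


def constructed_samples():
    """One-second traffic samples (Gbps), constructed for this example:
    30 s of ~1 Gbps baseline, a 45 s burst at ~6 Gbps, then baseline again.
    The burst never fills the 10 Gbps link, so it is 'sub-saturating'."""
    return [1.0] * 30 + [6.0] * 45 + [1.0] * 60


def is_sub_saturating(samples, link_gbps=LINK_GBPS):
    """True when the peak stays below link capacity (no hard outage,
    but still enough to degrade applications sharing the link)."""
    return max(samples) < link_gbps


@dataclass
class Outcome:
    attack_seconds: int        # seconds above the detection threshold
    unmitigated_seconds: int   # attack seconds that reached the target


def simulate(samples, threshold_gbps, detect_delay_s, reroute_delay_s):
    """Detection fires on the first sample above threshold; mitigation
    only takes effect detect_delay_s + reroute_delay_s later. Any attack
    second before that point passes through untouched."""
    effective_at = None
    attack = unmitigated = 0
    for t, gbps in enumerate(samples):
        if gbps <= threshold_gbps:
            continue
        attack += 1
        if effective_at is None:
            effective_at = t + detect_delay_s + reroute_delay_s
        if t < effective_at:
            unmitigated += 1
    return Outcome(attack, unmitigated)


if __name__ == "__main__":
    s = constructed_samples()
    # Assumed: analyst notices after 120 s, traffic swing to the scrubbing
    # center takes another 180 s; an inline automatic system reacts in 2 s.
    print("sub-saturating:", is_sub_saturating(s))
    print("scrubbing center:", simulate(s, 3.0, 120, 180))  # all 45 s leak
    print("inline automatic:", simulate(s, 3.0, 2, 0))      # 2 s leak
```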

Modern DDoS defense

To avoid any impact from these often indiscriminate DDoS attacks, organizations can deploy automated DDoS defense in a variety of ways: as an on-premises solution, as a hybrid combination of on-premises appliances and a cloud scrubbing service, or as a subscription service from their Hosting Provider or Internet Service Provider.

The Unrelenting Threat

Police have cracked down on some high-profile booter-stresser services, but there are far too many of them for law enforcement to make a substantial impact. The future of DDoS is, unfortunately, set to include DDoS-for-hire sites, which make it all too easy and inexpensive to launch attacks. Any organization that depends on the Internet to provide its services should take the DDoS threat seriously and enable an always-on, automated DDoS defense solution.

For over a decade, Corero has been providing state-of-the-art, highly effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premises, cloud, virtual and hybrid environments. If you’d like to learn more, please contact us.

Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.