The Dangerous Power of DDoS-for-Hire

It was reported in late December 2018 that law enforcement officials from the US, the UK, and the Netherlands had seized the domains of 15 DDoS-for-hire sites. News reports suggested that the sites were taken down just before Christmas because it is notoriously a time when hacker groups target retailers and gaming providers in a bid to disrupt their services.

Why DDoS-for-Hire appeals to attackers

DDoS-for-hire sites make it significantly easier to launch DDoS attacks, and the rise in these services has caused an explosion of attacks. This is partly due to their cheap price point (attacks can be launched for just a few dozen dollars per month), but also because there is virtually no technical barrier to entry: the services require very little knowledge of coding. By offering such a low-cost, shared DDoS attack infrastructure, these services have attracted thousands of malicious customers and are responsible for hundreds of thousands of attacks per year. Unfortunately, the low price does not mean the attacks are any less powerful.

An example of a DDoS-for-hire attack has also been in the news in recent weeks, when it was announced that Daniel Kaye, an Israel-U.K. dual citizen, was sentenced to 32 months in prison for using an IoT botnet to crash large portions of Liberia’s Internet access in 2016. According to reports, Kaye was hired in 2015 to attack Lonestar, Liberia's leading mobile phone and internet company, by an individual working for Cellcom, its competitor. However, the attack was so powerful it ended up knocking a huge portion of the country offline. As a result of the attack, Lonestar has apparently suffered millions in losses and lost a number of customers, with the company estimating its revenue dipped from 84 million US dollars (£65.3 million) to 17 million US dollars (£13.2 million) between October 2016 and February 2017.

This highlights just how damaging and powerful DDoS-for-Hire services can be and the types of people that are using them. While competitive advantage is often talked about as a motive for launching damaging DDoS attacks, it’s not something that is often heard about in relation to a specific attack. However, this case shows that it does happen. Although an organization will usually know who all its competitors are, DDoS-for-Hire services mean the actual attacker can appear completely unconnected and can easily be operating from a totally different part of the world.

Defending against DDoS-for-Hire attacks

Any step law enforcement officials or security teams take to bring these sites down is a positive one. However, because the site owners are able to create new domains, when their sites are taken down a whole bunch more pop back up in their place, meaning there is still a lot of work to be done. It would be more effective to take down the botnets the attackers are using to launch their attacks, or to better secure the compromised IoT devices which attackers are easily recruiting into those botnets.

As a result, organizations should first rely on their own defenses against DDoS attacks, rather than hoping law enforcement will make these services disappear.

Organizations should seek to protect their networks from DDoS attacks fuelled by IoT-driven botnets by deploying an always-on, real-time, automated solution at the network edge, which can detect DDoS activity, including IoT-based attacks, and prevent such threats from entering a network.

Corero provides best-in-class, innovative DDoS protection solutions for customers across the globe; to learn how you can protect your organization from the DDoS threat, contact us.

Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.