SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Radware issues security alert, warning of global rise of DDoS-for-hire
Fri, 28th Aug 2020
FYI, this story is more than a year old

Radware has today issued a global cybersecurity alert, warning of the extensive and far-reaching growth of the DDoS-for-hire industry.

Efforts from corporations, law enforcement and independent researchers around the world have attempted in the last two years to curb this growth – but the industry keeps growing says Radware, utilising new attack vectors and producing largescale, record-breaking DDoS attacks.

The alert comes as New Zealand's primary exchange operator NZX has seen trading halt for the fourth time in as many days due to coordinated and sophisticated offshore DDoS attacks.

This was but one of many similar attacks targeting significant and vulnerable organisations in the past few years.

“In March 2019, a record-breaking 1.3Tbps attack abusing exposed Memcached servers by exposing a protocol that was never intended to be exposed to the public, was launched against Github,” says Radware Emergency Response Team information security researcher Daniel Smith.

“Just seven days later and the attack vectors were seen quickly being added to booters and stressers.

“Even more recently, a malicious actor was able to abuse the TCP protocol to cause a TCP Reflection attack. In August 2019, Radware researchers discovered this trend during a campaign targeting the financial services industry.

Due to the complexity of the booster and stresser industry, it's harder to enforce control over criminal activity within the industry and arrest perpetrators.

If one threat is removed, dozens of other criminals will seize the opportunity to fill the void, according to Radware.

One example of this can be seen in a Dutch police operation in October 2019.

In the incident, police seized servers, known to be malicious, from bulletproof hosting provider K.V. Solutions. These servers hosted several command and control servers for IoT botnets. In April 2020, Dutch police working with hosting services, registrars international police force, Europol, Interpol and the FBI, took down another 15 unnamed booters.

While it would be easy to assume this kind of operation would put a dent in the booter and stresser industry, Radware concludes that the actions were ineffective, when criminals were quick to replace those that have been removed.

“Takedowns are not the long-term solution,” says Smith.

“Denial-of-service should be mitigated in different ways. To curb the growing booter and stresser industry means addressing the core problem: the devices and servers used to create large-scale botnets and world record volumes.

“Address the growth of the IoT market and the lack of regulation and security standards for devices that get connected to the internet.

Smith adds that issues surrounding open resolvers and reflectors on the internet must also be addressed.

“While disclosures of new attack vectors are hard to keep pace with, we need to put steady pressure on those who are not patching in a reasonable amount of time and develop ways to cope with open resolvers such as DNS and NTP.

Smith concludes that security leaders must act to close the loopholes currently being exploited.

“If devices can be infected within seconds and open services and resolvers remain, the problem will continue,” he says.

“Removing that vast attack surface from the bot herders plus proper mitigation which increase the resistance against successful DDoS attacks is the only way to demotivate criminals.

“The ultimate solution is to make launching these assaults too difficult and too expensive. Doing so will put an end to smaller cybercriminals wannabe hackers.”