Attack-as-a-Service: Criminals in the Cloud

It seems the benefits of the cloud appeal not just to businesses but also to criminals: there are now reports that cyber criminals are using the cloud to generate new revenue streams and to simplify their infrastructure. In what can only be described as “Attacks-as-a-Service,” many hackers now offer shady cyber services delivered via the cloud, such as botnets for lease or sale (which can be used to launch massive DDoS attacks) or bots meant to help players of online games cheat.

The most recent example is a Chinese group that has opened a site called IM DDoS, which allows customers to sign in and order DDoS attacks on any target they wish. According to security firm Damballa, the botnet used by IM DDoS is fairly large and can be a huge problem for all but the biggest of hosts.

The IM DDoS site is written only in Mandarin (which is a good thing, as that at least limits its use to people who understand the language or are savvy enough to work it out with a crude online translation tool like Google Translate). It uses a self-service model, where customers can create accounts, choose targets, and launch the attacks themselves. Damballa reports that the site claims to only allow the targeting of non-legitimate web servers, such as gambling sites.

DDoS attacks on illegal sites are not without precedent, though they are uncommon. There is speculation that copyright holders and studios sometimes pay hackers or firms to launch DDoS attacks on pirated movie and file sharing sites in order to bring them down or at least make them inaccessible to other users.

AaaS is Inexpensive

According to some insiders, hiring a hacker is relatively cheap and won’t cost as much as a really good dinner at an upscale restaurant. Some hackers will crack e-mail passwords in less than 48 hours for $150 to $400. IM DDoS is actually even more generous, as it also offers free services along with its paid ones.

AaaS providers are actually running their sites like legitimate businesses, complete with service-level agreements, subscriptions, and even technical support for “lifetime customers.” However, these technical support sessions are done clandestinely, usually through the Chinese instant messaging service QQ.

According to Damballa, the malware that spreads IM DDoS’s bot software is nothing special, and it sends out DNS requests often enough that it should be fairly easy to detect and prevent. However, the botnet they already have is alarmingly large, and it can pose a problem even if it stops growing.
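
The detection idea above, sketched as an added example (not code from Damballa or from the original article): it flags any client that queries the same name unusually often within a sliding time window. The log format, addresses, domain names, window and threshold are all assumptions constructed for the illustration.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed DNS query log: '<epoch seconds> <client ip> <queried name>'.
    All addresses and names are placeholders, not indicators from the report."""
    lines = [f"{1000 + 30 * i} 10.0.0.5 c2.example.test" for i in range(20)]
    lines += [f"{1000 + 400 * i} 10.0.0.7 www.example.org" for i in range(4)]
    lines += ["garbage line", "1010 10.0.0.7 Mail.Example.org."]
    return "\n".join(lines)

def parse(log):
    """Yield (timestamp, client, qname), skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        # DNS names are case-insensitive; drop the trailing root dot too.
        yield int(parts[0]), parts[1], parts[2].lower().rstrip(".")

def noisy_resolvers(log, window=300, threshold=8):
    """Return {(client, qname): peak}, where peak is the largest number of
    queries seen inside any `window`-second span and peak >= threshold."""
    recent = defaultdict(deque)   # timestamps still inside the window
    peak = defaultdict(int)
    for ts, client, qname in sorted(parse(log)):
        q = recent[(client, qname)]
        q.append(ts)
        while ts - q[0] >= window:    # expire entries older than the window
            q.popleft()
        peak[(client, qname)] = max(peak[(client, qname)], len(q))
    return {k: v for k, v in peak.items() if v >= threshold}

if __name__ == "__main__":
    for (client, qname), peak in noisy_resolvers(build_sample()).items():
        print(f"{client} queried {qname} {peak} times within 300 s")
```

In practice the threshold would be tuned against a baseline of normal resolver traffic, and names that are legitimately queried at a high rate would be excluded before alerting.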
