FBI Seizes 13 More Domains Linked to DDoS-For-Hire Services
Cyber Security Threat Summary:
“The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as 'booter' or 'stressor' services. This week's seizures are part of a coordinated international law enforcement effort (known as Operation PowerOFF) to disrupt online platforms allowing anyone to launch massive distributed denial-of-service (DDoS) attacks against any target for the right amount of money” (Bleeping Computer, 2023).
Security Officer Comments:
Below is a list of the domains taken down by the U.S. Justice Department:
According to the FBI, the majority of the seized domains are reincarnations of services that were seized during a prior operation in December, which took down 18 booter services. The FBI tested the booter services by opening or renewing accounts with each of them and assessed the effects on target computers via DDoS attacks launched against computers controlled by the agency. To their surprise, some of the attacks took the targeted devices offline even though they were running on high-capacity Internet connections.
Suggested Corrections:
DDoS attacks are difficult to defend against because legitimate and illegitimate packets are hard to tell apart. Typical DDoS attacks exhaust either network bandwidth or application resources.
There are various methods of defending against DDoS attacks.
Sinkholing:
In this approach, all traffic to the targeted address is diverted to a “sinkhole” where it is discarded. The problem with this method is that both good and bad traffic is removed, and the business loses actual customers.
Routers and firewalls:
Routers can be used to stop attacks by filtering nonessential protocols and invalid (non-routable) source IP addresses, but when a botnet spoofs its source addresses, per-address filtering becomes worthless. Firewalls have the same difficulty when source IP addresses are spoofed.
Intrusion-detection systems:
These solutions can leverage machine learning to recognize traffic patterns and automatically block matching traffic through a firewall. These technologies are not always automated and may require fine-tuning to avoid false positives.
DDoS mitigation appliances:
Various vendors make devices designed to sanitize traffic through load balancing and firewall blocking. Organizations have had varying levels of success with such products: some legitimate traffic will get blocked, and some bad traffic will still get through.
Over-provisioning:
Some organizations choose to leverage extra bandwidth to handle sudden spikes in traffic during a DDoS attack. This bandwidth is often outsourced to a service provider who can pick up the bandwidth during an attack. As attacks grow larger, this mitigation technique may become more expensive and less viable.
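To make the trade-offs in the list above concrete, here is an added illustration that is not part of the original bulletin or of any vendor product. It applies two of the defensive ideas described above to constructed flow records: dropping packets whose source address is in a non-routable (bogon) range, as a router ACL would, and a simple rate-based detector of the kind an intrusion-detection system uses, with both a per-source threshold and an aggregate threshold. The flow records, the addresses (RFC 5737 documentation ranges stand in for public clients), the bogon list and the thresholds are all assumptions chosen for the example; real thresholds must be tuned against baseline traffic.

```python
"""
Added example (not from the original bulletin): bogon filtering plus a
two-level rate detector run over constructed flow records.

The constructed traffic shows the two caveats from the text:
  * a per-source threshold flags a busy but legitimate client (a false
    positive, hence the need for tuning) and misses a flood whose source
    addresses are spoofed and spread thinly;
  * an aggregate threshold detects the flood but cannot say which packets
    to drop, which is the limitation of sinkholing.
"""
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Assumed minimal bogon list: source ranges that should never appear on
# inbound Internet traffic and that a router ACL can safely drop.
BOGON_NETWORKS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def is_routable_source(ip_str):
    """True if the address is outside every bogon range (router-style check)."""
    addr = ip_address(ip_str)
    return not any(addr in net for net in BOGON_NETWORKS)


def filter_invalid_sources(records):
    """Split (second, source_ip, packets) records into kept and dropped lists."""
    kept, dropped = [], []
    for rec in records:
        (kept if is_routable_source(rec[1]) else dropped).append(rec)
    return kept, dropped


def build_sample_records():
    """Constructed flow records: seconds 0-9 are normal, 10-19 hold a flood."""
    records = []
    # Two ordinary clients and one busy-but-legitimate client (e.g. a crawler).
    for sec in range(20):
        records.append((sec, "203.0.113.10", 3))
        records.append((sec, "203.0.113.25", 2))
        records.append((sec, "203.0.113.77", 12))
    # Spoofed flood: 300 distinct forged sources, only 5 packets each, so no
    # single address looks abnormal on its own.
    prefixes = ["192.0.2", "198.51.100"]
    for i in range(300):
        forged = f"{prefixes[i // 256]}.{i % 256}"
        records.append((10 + i % 10, forged, 5))
    # A few packets with non-routable sources, which the bogon filter removes.
    records.extend([(12, "10.0.0.5", 5), (13, "127.0.0.1", 5), (14, "0.0.0.0", 5)])
    return records


def analyse(records, window=10, per_source_threshold=100, aggregate_threshold=500):
    """Bucket records into fixed windows and apply per-source and aggregate checks.

    Returns {window_index: {total_packets, distinct_sources,
                            flagged_sources, aggregate_alert}}.
    Thresholds are assumed values for the constructed data, not recommendations.
    """
    per_window_source = defaultdict(Counter)
    per_window_total = Counter()
    for sec, src, pkts in records:
        w = sec // window
        per_window_source[w][src] += pkts
        per_window_total[w] += pkts

    result = {}
    for w in sorted(per_window_total):
        sources = per_window_source[w]
        result[w] = {
            "total_packets": per_window_total[w],
            "distinct_sources": len(sources),
            # Per-source rule: catches one loud address, misses a spread-out flood.
            "flagged_sources": {s for s, n in sources.items() if n > per_source_threshold},
            # Aggregate rule: catches the flood, but not which packets are bad.
            "aggregate_alert": per_window_total[w] > aggregate_threshold,
        }
    return result


if __name__ == "__main__":
    kept, dropped = filter_invalid_sources(build_sample_records())
    print(f"dropped {len(dropped)} records with non-routable sources")
    for w, info in analyse(kept).items():
        print(f"window {w}: {info['total_packets']} packets from "
              f"{info['distinct_sources']} sources, per-source flags "
              f"{sorted(info['flagged_sources'])}, aggregate alert "
              f"{info['aggregate_alert']}")
```

In the constructed data the busy client 203.0.113.77 is flagged in both windows although it is legitimate, while none of the 300 forged sources crosses the per-source threshold; only the aggregate count exposes the flood in the second window. That is the gap the text describes between filtering by address and absorbing the volume with over-provisioning or a mitigation service.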
More information on DDoS Attacks by CISA: https://us-cert.cisa.gov/ncas/tips/ST04-015
Link(s):
https://www.bleepingcomputer.com/