The US Department of Justice (DOJ) has announced the seizure of 48 domains found to be offering distributed-denial-of-service (DDoS) attacks as an on-demand service for cybercriminals.
A press release (opens in new tab) from the office of E. Martin Estrada, the US Attorney for the Central District of California, revealed that, in addition to these seizures, criminal charges are being against six defendants believed to be responsible for running these platforms.
The news brings ‘cybercrime-as-a-service’, highlighted in Microsoft’s Digital Defence Report (MDDR) in November 2022, back into focus, in addition to the plague of DDoS attacks sweeping the internet.
DDoS-for-hire
Previously, TechRadar Pro has usually covered cybercrime-as-a-service in the context of ransomware, which locks personal users and businesses out of their files by encrypting them (usually until a threat actor receives a monetary ransom), or droppers, which distribute malware via delayed software updates.
However, DDoS-as-a-service (sometimes referred to as “booter” services, as they boot targeted systems from the internet) is still a very popular option for those looking to commit cybercrime without the technical know-how.
The US Attorney’s office claims that the websites seized in the operation launched “millions” of DDoS attacks to attack victims across the globe, with some claiming to offer legitimate ‘stressor’ services for businesses.
“These booter services allow anyone to launch cyberattacks that harm individual victims and compromise everyone’s ability to access the internet,” said US Attorney Estrada, highlighting that the services allow for maximum damage with minimal effort.
“This week’s sweeping law enforcement activity is a major step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.”
Alongside these seizures, the US’s FBI, the UK’s National Crime Agency, and the Netherlands Police are taking a softer approach towards those who show an interest in using DDoS-for-hire services.
An advertising campaign in the form of placement ads in search engines will pick up on common keywords related to DDoS-for-hire activity to deter would-be cybercriminals from investing in these services, and educate the public about DDoS activity and how it affects them. The FBI has also committed to assisting victims where possible.
“Whether a criminal launches an attack independently or pays a skilled contractor to carry one out, the FBI will work with victims and use the considerable tools at our disposal to identify the person or group responsible,” said Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles Field Office.
“Victims of cybercrime [in the US] are urged to contact their local FBI field office or file a complaint with the FBI’s Internet Crime Complaint Center at ic3.gov.”
Fumali – Service providers Marketplace