Cyber security expert Dancho Danchev recently released details of a DNS amplification DDoS service available for sale in the underground, a privileged attack tool for the criminal ecosystem.
DDoS attacks observed last year were characterized by an increased magnitude because attackers adopted new techniques in their arsenal, including NTP and DNS amplification methods.
Web-based DNS amplification enabled DDoS bot, and not only managed to connect it to what was once an active DDoS attack, but also, to the abuse of a publicly accessible open DNS resolver which has been set up for research purposes.
Cybercriminals continue to stick to proven risk-forwarding tactics, consisting of pitching releases ‘for educational purposes only’, with the idea to be only utilized as a tool for performing stress testing scenarios.
The bot relies on its own obfuscation and packing algorithm. Packed, the binary’s size is approximately 30kb. Next to the active use of the Hardware ID licensing system, the bot’s C&C communications are also encrypted by default.
It includes a built-in DNS scanner, for finding mis-configured DNS servers, to be used in high-bandwidth powered DNS amplification DDoS attacks which are utilized by a number of threat actors.
Priced at $2,500, the vendor is also applying an additional OPSEC vector to the proposition, in the context of offering the option to host the actual archive, encrypted, on a server of choice based on the customer’s preferences, with the actual passphrase communicated in a secure fashion.
The package includes access to a pre-configured VPN server to be used exclusively when accessing the bot’s interface. Also notable is the availability of a live demo, which included a live demonstration of the abuse of a publicly accessible open DNS resolver.
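For operators of a recursive resolver, abuse of the kind described above shows up as one source address receiving many responses far larger than the queries that triggered them. The following is an added example, not code from the original article or from the bot: it flags such sources in resolver query records, where the record format, the sample data and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic), one per query seen by the resolver.
# Assumed fields: epoch second, source IP, qname, qtype, query bytes, response bytes.
SAMPLE_LOG = """\
1000 192.0.2.10 www.example.com A 33 49
1000 198.51.100.7 example.org ANY 29 3100
1001 198.51.100.7 example.org ANY 29 3100
1001 192.0.2.10 mail.example.com A 34 50
1002 198.51.100.7 example.org ANY 29 3100
1002 203.0.113.5 example.org ANY 29 3100
1003 198.51.100.7 example.org ANY 29 3100
1003 192.0.2.10 www.example.com AAAA 33 61
1004 198.51.100.7 example.org ANY 29 3100
1004 203.0.113.5 example.org ANY 29 3100
1005 198.51.100.7 example.org ANY 29 3100
1005 192.0.2.10 www.example.com A 33 49
1006 192.0.2.10 www.example.com A 33 49
"""

def parse_records(text):
    """Yield (ts, src, qname, qtype, q_bytes, r_bytes); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            yield (int(parts[0]), parts[1], parts[2], parts[3].upper(),
                   int(parts[4]), int(parts[5]))
        except ValueError:
            continue

def find_reflection_targets(records, window=10, min_queries=5, min_ratio=10.0):
    """Return {(src, window_start): (queries, ratio)} for sources that look like
    spoofed reflection victims: many queries with a high response/query byte ratio."""
    stats = defaultdict(lambda: [0, 0, 0])  # queries, query bytes, response bytes
    for ts, src, _qname, _qtype, q_bytes, r_bytes in records:
        bucket = stats[(src, ts - ts % window)]
        bucket[0] += 1
        bucket[1] += q_bytes
        bucket[2] += r_bytes
    flagged = {}
    for key, (count, q_total, r_total) in stats.items():
        if count >= min_queries and q_total > 0 and r_total / q_total >= min_ratio:
            flagged[key] = (count, round(r_total / q_total, 1))
    return flagged

if __name__ == "__main__":
    print(find_reflection_targets(parse_records(SAMPLE_LOG)))
```

The source address flagged here is the likely victim of the reflected traffic rather than the sender, since amplification attacks spoof it; the window and thresholds need tuning against a resolver's normal load.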