When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of distributed denial-of-service detection and mitigation.

After early excitement about artificial intelligence (AI) in the late 1980s and early 1990s, followed by a couple of "AI winters" — periods of reduced funding, interest and even disillusionment — we now again see great enthusiasm about all things related to AI and machine learning (ML). It is no wonder that AI/ML is also being considered for network security, including distributed denial-of-service (DDoS) protection.

It's not that AI/ML algorithms have changed so radically — but they have matured. In network security, like in many other fields, the abundance of data and greater-than-ever processing power makes it feasible to implement new AI/ML algorithms in silicon or in the cloud, allowing us to teach machines to be more accurate and faster than humans are.

With DDoS security, the problem is distinguishing "good" from "bad" traffic and minimizing the mitigative actions to reduce the effect on "good" traffic. Apart from accuracy and speed, the percentage of false positives indicates how good your detection is — the lower, the better. Until recently, the industry-accepted rate of 5% to 10% false positives meant that neutralizing a 2Tbps-size DDoS attack could also block 100Gbps to 200Gbps of legitimate network traffic. This needs to improve by at least an order of magnitude.

**AI/ML for Better DDoS Detection**

AI/ML can help network security teams make more accurate and faster decisions about what constitutes a DDoS threat or is an ongoing attack. Knowing the larger Internet-security context is essential — a global perspective of traffic down to the IP address level, with prior history of traffic patterns and abuse — can help prevent making a snap decision about whether certain traffic flows are legitimate. It's like a credit card company tracking all transactions in order to decide which ones are fraudulent.

Big data collected from the network itself — in the form of telemetry from IP routers, enhanced with the larger security context — provides a great base for training AI/ML models to recognize DDoS patterns. Still, human intelligence is irreplaceable: People need to teach AI/ML what to look for. And there is a lot to be taught, from recognizing a botnet DDoS (coming from thousands of IoT devices as regular IP traffic) to understanding when seemingly separate network patterns are all parts of a larger, coordinated DDoS activity.

**Better Mitigation, Too**

Another important role for AI/ML is in defining DDoS mitigation strategies and driving real-time tactics based on changing network conditions and mitigation results.

DDoS detection is a big data problem with somewhat unconstrained resources, limited only by the processing platforms. DDoS mitigation, however, is a problem where resources are constrained. Mitigation capabilities, capacity, and scale can differ from product to product and from one network to another. The actual mitigative actions need to consider all of those details and more — preferences about the number of security filters applied on routers, whether NETCONF or Flowspec should be used, etc. All of these constraints can be passed to an AI/ML system to drive networkwide AI/ML-optimized mitigation.

Additionally, AI/ML algorithms could be used to calculate the efficiency (as measured by false-positive rates) of suggested mitigation scenarios and to test and evaluate different what-if scenarios offline to improve the mitigation further.

**Understanding Wider Context Is Key**

Big data platforms can efficiently sift through massive amounts of data, ingesting information about the Internet-wide security-related context and real-time network data about network flows, usage patterns, and other relevant metrics.

With the help of AI/ML algorithms, it is now possible to detect DDoS activity early and take immediate, targeted, and optimized mitigation measures to thwart such attacks.

By incorporating big data analytics and AI/ML into all stages of a comprehensive DDoS security strategy, we can guard our networks against malicious DDoS attacks, keep the services running, and protect users online.

How AI/ML Can Thwart DDoS Attacks

By Owais Sultan
Choosing the right hosting service provider is one of the most critical yet often overlooked components when it…
This is a post from HackRead.com Read the original post: What To Look For In The Best WordPress Hosting

Choosing the **right hosting service provider** is one of the most critical yet often overlooked components when it comes to the success of a website. A good WordPress hosting provider will not only offer all the right tools to conveniently manage your website but will also boost your SEO and increase your traffic.

With that said, finding the best WordPress hosting service is not always easy. That’s especially true considering that many hosting companies often make bold assertions about their services with little evidence to back them up.

So, if you are in the market for a **top WordPress hosting** service provider, it helps to know what to look out for, so you are better able to make an informed choice. Here are factors that make a good WordPress hosting service:

**Security**

With cases of **cybercrime increasing each day**, cybersecurity has never been more important. For this reason, security should be at the top of your priority list when shopping for a WordPress hosting service.

Fortunately, most of the top web hosting service providers in the market go to great lengths to buffer the websites of their clients against unauthorized access and data breaches. Standard security features to look for in your WordPress hosting provider include:

*   SSL certificates
*   DDoS protection
*   Threat monitoring
*   Two-factor authorization
*   Web application firewall (WAF)

It’s also important to ensure that the hosting company offers automated **backup solutions** (PDF) as these provide an extra layer of protection in case you inadvertently delete files or your site crashes.

**Performance**

Lags and slow-loading web pages can easily drive away visitors from your website, causing you to lose out on the traffic that you need to grow your brand and increase your revenue. For this reason, you should go for a hosting provider that can guarantee high levels of performance at all times.

Below are factors you can look out for when vetting a hosting provider for your site:

*   Error rate
*   Throughput
*   Page load time
*   Requests per second (RPS)
*   Peak response times (PRT)

**Great Customer Support**

It is inevitable that you will run into some concerns or questions once you begin working with a new WordPress hosting provider. So, naturally, you want a hosting provider with convenient and direct communication avenues that you can use to get in touch with them for any assistance you may require.

The good news is that most of the top WordPress hosting providers offer 24/7 customer support and have a very quick response time. Besides resolving basic website-related issues, such as server management and security, a reliable customer support team should also be able to provide assistance when it comes to web optimization and upgrades.

**Reliability**

When choosing a WordPress hosting service for your website, you can’t overlook the reliability of your provider’s servers. Even a single instance of downtime can not only cause you to lose out on revenue but also hurt your ranking on search engines and potentially damage your reputation

As such, it’s important to ensure that the hosting provider’s servers are reliable. Unfortunately, this can be a bit tricky since, as mentioned, most providers often go out of their way to inflate the efficiency of their servers when advertising.

Ideally, your hosting provider should be able to guarantee 99.9% uptime without being subject to any unexpected maintenance. To achieve this standard, most reputable hosting providers use strategies such as monitoring the capacity of their servers and creating backup routes to redirect excess traffic.

**Scalability**

Most people who invest their time and money into launching and running a website have the desire to watch it grow over time. So, when shopping for the right WordPress hosting for your site, you want a provider that is in tune with and responsive to this need.

In terms of scalability, the most important thing is to ensure your hosting provider has flexible plans that can conveniently accommodate any site. A reliable web hosting company will be able to suggest the right hosting package for your website and inform you when it is time to upgrade to a new plan to accommodate your site’s growth.

Choosing a WordPress hosting provider can make or break your website. So, if you are looking for a web hosting company to launch your website through, carefully consider whether they meet the criteria discussed above before committing to any purchase.

1.  **Step-by-Step Security Guide for WordPress**
2.  **Do this before granting WordPress admin access**
3.  **Tips for Using Uploader Widgets on WordPress Blogs**
4.  **5 Signs your WordPress Site is Hacked (And How to Fix It)**
5.  **5 WordPress Security Solutions with Free SSL Certificates**

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

What To Look For In The Best WordPress Hosting

An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors.
This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as

Server Security / Cyber Attacks

An ongoing analysis of the **KmsdBot** botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors.

This is based on the different industries and geographies that were attacked, web infrastructure company Akamai said. Among the notable targets included FiveM and RedM, which are game modifications for Grand Theft Auto V and Red Dead Redemption 2, as well as luxury brands and security firms.

KmsdBot is a Go-based malware that leverages SSH to infect systems and carry out activities like cryptocurrency mining and launch commands using TCP and UDP to mount distributed denial-of-service (DDoS) attacks.

However, a lack of an error-checking mechanism in the malware source code caused the malware operators to inadvertently crash their own botnet last month.

"Based on observed IPs and domains, the majority of the victims are located in Asia, North America, and Europe," Akamai researchers Larry W. Cashdollar and Allen West said. "The presence of these commands tracks with previous observations of targeted gaming servers and offers a glimpse into the customers of this botnet for hire."

Akamai, which examined the attack traffic, identified 18 different commands that KmsdBot accepts from a remote server, one of which, dubbed "bigdata," caters to sending junk packets containing large amounts of data to a target in an attempt to exhaust its bandwidth.

Also included are commands such as "fivem" and "redm" that are designed to target video game mod servers, alongside a "scan" instruction that "appears to target specific paths within the target environment."

Charting the infection attempts of the botnet signals minimal activity in the Russian territory and neighboring regions, potentially offering a clue as to its origins.

A further breakdown of the attack commands observed over a 30-day time period shows "bigdata" leading with a frequency of more than 70. Calls to "fivem" have occurred 45 times, while "redm" has seen less than 10 calls.

"This tells us that although gaming servers are a specific target offered, it may not be the only industry that is being hit with these attacks," the researchers said. "Support for multiple types of servers increases the overall usability of this botnet and appears to be effective in driving in customers."

The findings come a week after Microsoft detailed a cross-platform botnet known as MCCrash that comes with capabilities to carry out DDoS attacks against private Minecraft servers.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.


**Denial of Service (DoS) Affecting lite-server package, versions **\*****

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   Snyk ID **SNYK-JS-LITESERVER-3153540**
*   published **19 Dec 2022**
*   disclosed **5 Dec 2022**
*   credit **Liran Tal, Snyk**

**How to fix?**

There is no fixed version for lite-server.

**Overview**

Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

**Details**

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

*   High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
    
*   Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

CVE-2022-25940: Snyk Vulnerability Database | Snyk

Categories: News
Tags: week in security

Tags:  AWIS

Tags:  weekly blog recap

Tags:  Indiana

Tags:  TikTok

Tags:  MSP

Tags:  electronic sales suppression tools

Tags:  iPhone

Tags:  Play ransomware

Tags:  ransomware

Tags:  Nebula

Tags:  Quarantine for Cloud Storage Scanning

Tags:  SOC

Tags:  ROI

Tags:  Uber

Tags:  Apple

Tags:  virtual kidnapping

Tags:  DDoS booter service

Tags:  law enforcement takedown

Tags:  InfraGuard

Tags:  InfraGuard breach

The most interesting security related news from the week of December 12 to 18.



(Read more...)




The post A week in security (December 12 - 18) appeared first on Malwarebytes Labs.

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

VPN Connection

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (December 12 - 18)

Patched several months ago, researcher reports how they used Spring Boot to sneak past Akamai's firewall and remotely execute code.

Akamai's Web application firewall (WAF) is intended to fend off potential attacks like distributed denial-of-service (DDoS), but a researcher discovered a way to bypass its protections by using complex payloads to confuse its rules.

The researcher, known as Peter H., along with Usman Mansha, said Akamai has since patched against the vulnerability, which was not assigned a CVE number. In the write-up, Peter H. explained how he used a vulnerable version of Spring Boot to bypass WAF protections.

"We ended up able to bypass Akamai WAF and achieve Remote Code Execution (P1) using Spring Expression Language injection on an application running Spring Boot," the GitHub explanation of the Akamai WAF RCE find explained. "This was the 2nd RCE via SSTI we found on this program, after the 1st one, the program implemented a WAF which we were able to bypass in a different part of the application."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Researcher Bypasses Akamai WAF

Microsoft warns enterprises should pay attention to a new botnet used to launch DDoS attacks on private Minecraft Java servers.

The persistence and spread of a newly identified botnet targeting private Minecraft Java servers has far wider ramifications for enterprises than bumming out a Biome.

Microsoft researchers revealed in a report published Dec. 16 that this new botnet is used to launch distributed denial-of-service (DDoS) attacks on Minecraft servers, which might sound like kid stuff. But enterprises should take note because of the botnet's ability to target both Windows and Linux devices, spread quickly, and avoid detection, the Microsoft team added.

It starts with a user downloading a malicious downloads of "cracked" Windows licenses.

"The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices," the Defender team reported. "Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet."

The threat researchers suggest that organizations harden their device networks against these kinds of threats.

The group's analysis revealed most of the infected devices were in Russia.

**Enterprises Beware**

Factors including the sheer number of potential server targets and the general lack of cybersecurity protections on private Minecraft servers make this botnet something security teams should take seriously, Patrick Tiquet, vice president of security architecture at Keeper Security, tells Dark Reading.

"The concern in this scenario is that there are a large number of servers that can potentially be compromised and then weaponized against other systems, including enterprise assets," Tiquet explains. "Gaming servers such as Minecraft are typically managed by private individuals who may or may not be interested in or capable of patching and following cybersecurity best-practices. As a result, this vulnerability could continue unmitigated on a large scale for an extended period of time and could potentially be leveraged to target enterprises in the future."

Beyond this particular malware, Microsoft's recommendations are a good idea for protecting the enterprise from all sorts of botnets besides just the Minecraft-focused sort, according to Vulcan Cyber's Mike Parkin.

"They're industry best practices — restricting access, changing default passwords to strong ones, enabling multifactor authentication, etc. — and should be implemented regardless," Parkin says. "While some of the techniques can be challenging to implement on some low-power IoT devices, deploying to best practices is the absolute minimum that should be happening."

New Botnet Targeting Minecraft Servers Poses Potential Enterprise Threat

By Waqas
Dubbed "MCCrash" by Microsoft, the DDoS botnet is currently targeting private Minecraft servers globally.
This is a post from HackRead.com Read the original post: Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

According to Microsoft, this is an unusual DDoS botnet boasting a unique design that lets it infiltrate Linux systems despite the malware being downloaded from Windows devices.

Remember when, **earlier in January this year**, a massive DDoS attack targeted a Minecraft event, which took down the internet service of the entire country of Andora? Well, now, a new threat has surfaced, whose target is, yet again, Minecraft servers.

Microsoft has published a warning about a cross-platform botnet designed to launch **DDoS attacks** (distributed denial of service attacks) against private Minecraft servers.

MCCrash botnet targets users in Russia, Belarus, Czechia, Ukraine, Uzbekistan, Italy, Nigeria, India, Cameroon, Indonesia, Columbia, and Mexico. Microsoft is tracking the botnet’s activities under the moniker DEV-1028.

**MCCrash Capabilities**

According to Microsoft researchers David Atch, Maayan Shaul, Mae Dotan, Yuval Gordon, and Ross Bevington, this is an unusual botnet boasting a unique design that lets it **infiltrate Linux systems** despite the fact that the malware is downloaded from Windows devices.

When the malware is removed from the infected device, the MCCrash mechanism allows it remains persistent on the unmanaged IoT devices connected to the network and keep operating.

**How Does MCCrash Spread?**

MCCrash spread by numbering default credentials on internet-exposed SSH (secure shell) enabled devices. Since **IoT devices** are usually designed for remote configuration with insecure settings, these devices can be at risk of botnet attacks.

Microsoft didn’t disclose the exact scope of this campaign. The company noted that the botnet’s initial infection point is an array of compromised machines, which it infected using **cracking tools** that promise illegal Windows licenses. The software then executes a Python payload containing the core features of the botnet.

This includes scanning for SSH-enabled Linux devices to launch a dictionary attack. When the Linux host is breached through the propagation method, the same Python payload runs DDoS commands, one of which **attacks explicitly Minecraft servers** and crashes them. Microsoft claims it is highly effective and could be offered as a service on hacking forums.

Screenshot 1 shows cracking tools used to spread the DDoS botnet – Screenshot 2: The DDoS botnet attack flow (Credit: Microsoft)

“This type of threat stresses the importance of ensuring that organizations manage, keep up to date, and monitor not just traditional endpoints but also IoT devices that are often less secure,” Microsoft’s **blog post** noted.

1.  **Minecraft declared the most malware-infected game**
2.  **Malware-infected Minecraft modpacks hit Google Play Store**
3.  **RapperBot malware targets gaming servers with DDoS attacks**
4.  **50,000 Minecraft users infected with hard drive wiping malware**
5.  **Malicious Minecraft apps on Play Store scamming millions of users**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

Accelerating security challenges and the increasing footprint of edge and IoT devices call for zero-trust principles to drive cyber resiliency.

As businesses ramp up their adoption of edge and Internet of Things (IoT) infrastructure, security risks that already challenge IT organizations stand to become trickier than ever. The distributed nature of edge devices, the scale of IoT, and the limited compute capacity of devices at the edge heap on added difficulties to the increasingly shaky traditional security practices of yesteryear. In the era of edge, it simply won't be feasible anymore to cling to the castle-and-moat security tactics that practitioners have held on to for probably a decade too long as it was.  

Zero-trust principles are going to be key to meeting the security challenges of today and tomorrow — and fundamental to that will be architecting secure server hardware that stands at the bedrock of edge architecture.

**The Challenges Calling for Zero Trust**

Edge and IoT notwithstanding, security threats keep growing. Recent statistics show that global attack rates are up by 28% in the last year. Credential theft, account takeovers, lateral attacks, and DDoS attacks plague organizations of all sizes. And the costs of cybercrime keep ticking upward. Recent figures by the FBI's Internet Crime Complaint Center (IC3) found that cybercrime costs in the US topped $6.9 billion, up dramatically from $1.4 billion in 2017.

Throwing transformative technology architectures into this mix will only exacerbate matters if security isn't baked into the design. Without proper planning, securing assets and processes at the edge becomes more difficult to manage due to the rapidly proliferating pool of enterprise devices.

Market stats show that there are already more than 12.2 billion active IoT and edge endpoints worldwide, with expectations that by 2025 the figure will balloon to 27 billion. Organizations carry more risk because these devices are different than traditional on-premises IT devices. Devices at the edge — particularly IoT devices — frequently:

*   Process critical data away from data centers, with data including more private information
*   Are not supported or secured as strongly by many device manufacturers
*   Don't control passwords and authentication as strongly as traditional endpoints
*   Have limited compute capacity to implement security controls or updates
*   Are geographically distributed in nonsecured physical locations with no barbed wire, cameras, or barriers protecting them

All of this adds up to an enlarged attack surface that is extremely difficult to manage due to the sheer scale of devices out there. Policies and protocols are harder to implement and manage across the edge. Even something as "simple" as doing software updates can be a huge task. For example, often IoT firmware updates require manual or even physical intervention. If there are thousands or even tens of thousands of those devices run by an organization, this quickly becomes a quagmire for an IT team. Organizations need better methods for pushing out these updates, doing remote reboots, and performing malware remediation, not to mention monitoring and tracking the security status of all of these devices.

**More Than Authentication: The Promise of Zero Trust**

Zero trust is a set of guiding principles and an architectural approach to security that's well-suited to start addressing some of the edge security challenges outlined above. The heart of the zero-trust approach is in conditional access. The idea is that the right assets, accounts, and users are only granted access to the assets they need — when they're authorized, and when the situation is safely in line with the org's risk appetite. The architecture is designed to continually evaluate and validate all of the devices and behaviors in the IT environment before granting permissions and also periodically during use. It's great for the fluidity of the edge because it's not tied to the physical location of a device, network location, or asset ownership.

It's a sweeping approach, and one that can help reduce the risk surface at the edge when it is done right. Unfortunately, many organizations have taken a myopic view of zero trust, equating it solely as an authentication and authorization play. But there are a whole lot of other crucial elements to the architecture that enterprises need to get in place.

Arguably the most critical element of zero trust is the verification of assets before access is granted**.** While secure authentication and authorization is crucial, organizations also need mechanisms to ensure the security of the device that's connecting to sensitive assets and networks — including servers handling edge traffic. This includes verifying the status of the firmware in place, monitoring the integrity of the hardware, looking for evidence of compromised hardware, and more.

**Enabling Zero Trust With the Right Hardware**

While there is no such thing as zero-trust devices, organizations can set themselves up for zero-trust success by seeking out edge hardware that's more cyber resilient and enables easier verification of assets to stand up to the rigors of a strong zero-trust approach to security.

This means paying close attention to the way vendors architect their hardware. Ask questions to ensure they're paying more than just marketing lip service to the zero trust ideal. Do they follow a framework like the US Department of Defense's seven-pillar zero-trust standards? Looking for important controls for device trust, user trust, data trust, and software trust baked into the products that organizations choose to make up their edge architecture will in turn help them build zero trust into their own architecture.

Zero Trust in the Era of Edge

Categories: News
Global law enforcement agencies came together to take down popular DDoS services.



(Read more...)




The post Worldwide law enforcement action takes down major DDoS booter services appeared first on Malwarebytes Labs.

Criminals making use of booter services which execute Distributed Denial of Service (DDoS) attacks to take down websites will have to try a little bit harder today: A major international operation has taken no fewer than 48 of the most popular booter services offline.

The operation, known as “Power Off,” included law enforcement agencies from the UK, the US, the Netherlands, Germany, and Poland.

**Sites down, operators arrested**

The sites that were taken down by law enforcement have been replaced with seizure notices which read as follows:

_This website has been seized_

_The FBI has seized this website for operating as a DDoS-for-hire service. This action has been taken in conjunction with Operation Power Off, a coordinated international law enforcement effort to dismantle criminal DDoS-for-hire services worldwide. DDoS attacks are illegal._

Law enforcement agencies have seized databases and other information relating to these services. Anyone operating or utilizing a DDoS service is subject to investigation, prosecution, and other law enforcement action.

As a result of the operation, seven individuals have been arrested in the UK and US with “further actions planned” against users of the services.

The National Crime Agency (NCA) reports that one of those arrested is just 18 years of age. “Around a quarter” of referrals to the NCA involve the use of booter services.

**Why are booters so popular?**

Booting services typically have a low technical barrier to entry. Back in the days of Xbox360, especially around 2009, custom made booter services became very popular with gamers. If you wanted to ensure victory in an online session, you could pay a small fee and dedicated services would kick the other players out of the game or you could download and run the tools yourself.

This is one way in which DDoS made the leap from “people who have a decent idea of what they’re doing in order to take a website down” to “pay me $10 and push this button to win.” As it turns out, pushing that button to win is a lot less intensive than figuring out how to make people run your executable or set up a working phishing page.

The people running these booter services know this, and that’s why they’re so popular. Need a website kicked offline? A gamer you just can’t stand? A service playing host to people you just can’t stand? Off to the booter markets you go. More often than not, people don’t realize how much trouble they can get into by using these tools. This is especially true in situations where young children or teenagers are looking to these services.

**The long arm of the law**

As the various agencies involved in this operation point out, they will be going after users of these services as well as those who operated them. They’re very clear that if you’ve used the now offline booters, you can expect to be paid a visit down the line.

Previous versions of Operation Power Down have explicitly targeted the users of DDoS tools, with police visits to the home and device confiscation thrown into the mix for good measure.

If you’re tempted to use a DDoS tool of any kind, keep this in mind. “I only used it once because I was curious” is probably not going to save you from the law’s reach. As the NCA explains, a DDoS attack a crime under the UK’s Computer Misuse Act 1990. If you’re on the fringes of illegality where this is concerned, check out their Cyber Choices page as soon as possible for a solid explanation of the consequences of these actions, and how you can use your technical skills in a positive manner.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#ddos