Security News Tsunami of DDoS-for-Hire Platforms Coming From the East

LASER_oneXM

Over the past six months, a large number of DDoS-for-hire platforms — also known as DDoS booters or DDoS stressors — have appeared in China, all sporting the same interface, and seeming to be based on the same source code.

While the common train of thought would have been to believe that all of these new DDoS booters were launched by the same operator in order to increase his market dominance via different brands, an investigation by the Cisco Talos and Umbrella teams revealed the contrary.

Most DDoS booters look the same but are run by different actors
By searching for recently registered domain names containing the word "DDoS," researchers identified several DDoS-for-hire platforms for Chinese-speaking users, of which 32 used a nearly identical backend.

Information included in the domain registration data revealed that different persons were behind most platforms, contrary to an initial assessment.

This initial discovery was confirmed after researchers registered accounts on the platforms and discovered small differences on each service.

While small UI tweaks here and there were important, the most conclusive evidence that different administrators managed each service came from the different way each platform handled user payments.

DDoS culture in Southeast Asia
The culture of launching DDoS attacks is well-established in China, but also in other countries in Southeast Asia. During the past few years, China and South Korea have been the favorite targets of DDoS attacks, but also the primary locations where DDoS botnet C&C servers were located.

In most cases, attacks are aimed at gaming servers. It is also not out of the ordinary for crooks to use DDoS attacks to extort money from companies, or for businesses themselves to DDoS their competition.

According to a Kaspersky Lab report regarding DDoS activity in Q2 2017, "China, South Korea, and the USA remained leaders by both the number of attacks and the number of targets."

Below is a list of DDoS booters Cisco identified during its research:
