Preventing Attack-for-Hire Services

The concept of a mercenary dates back to ancient Egypt and has been a long-standing method for governments (or other groups) to supplement their military might.

So, it should not come as a surprise that a new type of mercenary has arisen in the cyber wars that are now waged daily. Wherever there is demand, someone will find a way to fill it, so now “Attack-for-Hire” services proliferate, and you should account for their eventuality in your cybersecurity strategy.

What Is Attack-for-Hire?

A CSO article reported how easy it is to “Hire a DDoS service to take down your enemies” and stated:

“The advent of DDoS-for-hire services means that even the least tech-savvy individual can exact  revenge on some website. Step on up to the counter and purchase a stresser that can systemically take down a company.”

It is cheaper than you may think.  BleepingComputer reported “DDoS Attacks Are $10 per Hour on the Dark Web” and provided a price list of other hacking services:

• Account hacking program: $12.99
• Hacked Instagram accounts in bulk: 1K-10K for $15-$60
• Blow Bot Banking Botnet: Monthly rental of $750-$1,200 plus $150 support
• Disdain exploit kit: $80 for a day, $500 for a week or $1,400 for a month
• Stegano exploit kit: $2,000 for a day with unlimited traffic or $15,00 for a month of unlimited traffic
• MS Office exploit builder: $450 for Lite version and $1,000 for full version
• WordPress exploit: $100
• Password stealer: $50
• Android malware loader: $1,500
• Western Union Hacking bug: $300
• DDoS attacks: $500-$1,200 for week long attack
• ATM Skimmer, Wincor, Slimm, NCR, Diebold: $700-$1,500
• Hacking tutorials: $5-$50

With this proliferation of attack for hire service availability and the very low costs, it stands to reason that the impact in real damage can be huge.

Caught in the Act

The good news is that crime doesn’t always pay.  According to Brian Kreb’s recent post titled “Feds Charge Three in Mass Seizure of Attack-for-hire Services”:

“Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different “booter” or “stresser” sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.”

But this may just be the tip of the iceberg according to the article, as it appears that another 45 different booter service providers are still at large:

“In a complaint unsealed today, the Justice Department said that although FBI agents identified at least 60 different booter services operating between June and December 2018, they discovered not all were fully operational and capable of launching attacks. Hence, the 15 services seized this week represent those that the government was able to use to conduct successful, high-volume attacks against their own test sites.”

Preventing Attacks

As we have discussed on numerous occasions, prevention is superior to remediation. So, considering only solutions that use deep inspection and analysis methods which can interpret and detect malicious code in real time and immediately block threats, preventing unwanted code affecting your IT infrastructure is the only way to go. 

Your solution should ensure that every line of code is evaluated, making evasion techniques ineffective. Bottom line is that your organization will be protected from attack for hire services.

See for yourself what SoleGATE can do to deliver evasion proof security and ensure your IT infrastructure is safe today. Register for a free trial today.