Gamers beware: Hackers hired for as little as five dollars

23 Oct 14

The gaming industry is the top target for Distributed Denial of Service (DDoS) attacks, according to new research from Symantec.

Symantec says the rise of the attacks are becoming increasingly devastating to service providers and players. The gaming industry experiences nearly 46 percent of DDoS attacks, followed by the software and media sectors.

DDoS attacks are frequently marketed to gamers as a way to disrupt competing teams or players. Symantec says hackers can be hired for as little as five dollars to perform an attack on any target.

While DDoS attacks are not a new concept, they have proven to be effective. The security vendor says it is likely we will see an increase in DDoS attacks from mobile and IoT devices in the future.

“Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies,” the report says.

Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets. For such an attack, spoofed traffic is sent to a third-party service, which will reflect the answer to the spoofed target.

From January to August 2014, Symantec has seen a 183 percent increase in DNS amplification attacks, making it the most popular method seen by Symantec’s Global Intelligence Network.

The report says amplification DDoS attacks using NTP were prominent in the first quarter, but have since been steadily decreasing. “This may be due to various people upgrading and reconfiguring their servers. Attackers are also experimenting with other protocols like the Simple Network Management Protocol (SNMPv2) or, as seen in September, the Simple Service Discovery Protocol (SSDP)”.

Multiple methods are often used by attackers in order to make mitigation difficult and, to make matters worse, DDoS attack services can be hired for less than US$10 on underground forums.

Symantec says it expects to see many DDoS attacks during Guy Fawkes on 5 November, as the Anonymous collective has already announced various activities under the Operation Remember campaign.

However, hacktivists protesting for their ideological beliefs are not the only ones using DDoS attacks. Symantec says it has seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.


Share on: LinkedIn Twitter Facebook