Federal Prosecutors Charge Six Defendants Linked to Denial-of-Service Attacks

The Justice Department today announced the court-authorized seizure of 48 internet domains associated with some of the world’s leading DDoS-for-hire services, as well as criminal charges against six defendants who allegedly oversaw computer attack platforms commonly called “booter” services. The FBI is now in the process of seizing the websites that allowed paying users to launch powerful distributed denial-of-service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet. Booter services such as those named in this action allegedly attacked a wide array of victims in the United States and abroad, including educational institutions, government agencies, gaming platforms and millions of individuals. In addition to affecting targeted victims, these attacks can significantly degrade internet services and can completely disrupt internet connections. The websites targeted in this operation were used to launch millions of actual or attempted DDoS attacks targeting victims worldwide. While some of these services claimed to offer “stresser” services that could purportedly be used for network testing, the FBI determined these claims to be a pretense, and “thousands of communications between booter site administrators and their customers…make clear that both parties are aware that the customer is not attempting to attack their own computers,” according to an affidavit filed in support of court-authorized warrants to seize the booter sites. The coordinated law enforcement action comes just before the Christmas holiday period, which typically brings a significant increase in DDoS attacks across the gaming world.

Analyst Notes

A DDoS attack is an attempt to disrupt the traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. Threat actors send a massive number of requests for information to a server, site, or network, effectively shutting it down and disrupting normal operations. To protect against such attacks, the Cybersecurity and Infrastructure Security Agency (CISA) recommends the following:

• Enroll in a DoS protection service that detects abnormal traffic flows and redirects traffic away from your network. The DoS traffic is filtered out, and clean traffic is passed on to your network.
• Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.
• Install and maintain antivirus software.
• Install a firewall and configure it to restrict traffic coming into and leaving your computer.
• Evaluate security settings and follow good security practices in order to minimize the access other people have to your information, as well as manage unwanted traffic.