Radware has highlighted the continued growth of the DDoS-for-hire industry, despite global efforts over the last two years by law enforcement agencies, independent researchers and corporations to curb it through a series of takedowns and arrests.
The warning comes after threat landscape research undertaken by Daniel Smith, Information Security Researcher for Radware’s Emergency Response Team and a white-hat hacker. He provides the following comment about the research:
“Over the last two years of takedowns and arrests, the DDoS mitigation industry has seen six new attack vectors. So much for curbing the growth. Takedowns are not the long-term solution. Denial-of-service should be mitigated in different ways. To curb the growing booter and stresser / stressor industry means addressing the core problem: the devices and servers used to create large-scale botnets and world record volumes. Address the growth of the IoT market and the lack of regulation and security standards for devices that get connected to the internet. In addition, address the issues surrounding open resolvers and reflectors on the Internet. While disclosures of new attack vectors are hard to keep pace with, we need to put steady pressure on those who are not patching in a reasonable amount of time and develop ways to cope with open resolvers such as DNS and NTP. If devices can be infected within seconds and open services and resolvers remain, the problem will continue. Removing that vast attack surface from the bot herders plus proper mitigation which increases the resistance against successful DDoS attacks is the only way to demotivate criminals. The ultimate solution is to make launching these assaults too difficult and too expensive. Doing so will put an end to smaller cybercriminals and wannabe hackers.”