Discover the Tools and Methods of DDoS Service Providers

Posted on May 13, 2021 by Ziv Fried

read the article

A Distributed Denial-of-Service attack, also known as a DDoS attack, is an attempt of a threat actor to crash a service (like a website), server or network by overflooding it with Internet traffic. This is usually done through a group of bots named botnets. Each bot sends traffic to the targeted IP address, often resulting in the shutdown, or denial-of-service of the site or application. Unfortunately, these attacks aren’t going away any time soon. It is estimated that DDoS attacks have increased every quarter of 2020 except for Q4. The first half of 2020 alone saw a 151% increase.

Let’s explore what can happen to a company after a DDoS attack and how dark web monitoring can mitigate or even prevent their occurrence.

DDoS Tools in the Dark Web

The dark web is full of DDoS tools and services for hire (known also as DDoS-for-hire). Two very popular tools are the booter (known also as booster) and stresser. It’s also possible to see a lot of written tutorials that explain how to execute DDoS attacks. These tools can be used to execute attacks on businesses in all types of industries.

But it’s important to keep in mind  that DDoS attacks are an issue for dark web sources as well.There are cases of DDoS attacks affecting illicit dark websites and leading to their shutdown. Some of these attacks may have been carried out by extortionists or competitors of those websites. Many dark web actors believe that these DDoS attacks were executed by law enforcement with the goal of shutting down illicit forums and marketplaces.

Why DDoS Attacks are So Damaging

The easy access of DDoS tools and services in the dark web have led to an increase in these attacks as well as their expansion to almost every industry.

They have also increased in volume and become more complex. Last year, for example, Amazon Web Services (AWS) suffered a record-breaking DDoS attack with a volume of 2.3 terabytes per second. The attack directly affected many ecommerce websites relying on AWS for their web services.

Financial damage

While threat actors can obtain DDoS tools and services for very little cost, DDoS attacks have serious consequences when targeted against businesses. Sometimes these attacks result in suspension of the company or site activity – which can translate into an immediate loss of thousands of dollars every second a successful ecommerce site is down. And that’s before additional costs for remediation of the attack and any compensation users receive as a result of the attack.

Digital Threats

DDoS attacks can also lead to additional threats, like ransomware threats or leaks of confidential data belonging to the company and its users. These cybersecurity risks not only incur financial damage but also damage a company’s reputation.

Although there are many threat actors behind DDoS attacks, some are bolder than others in their attempts at offering tools and services for them than other actors. At Webhose, we were able to find one dark web actor in particular that stood out.

Spotlight on Dark Web Actor Rootzeynus

Actor name: Rootzeynus

Main Focus: Selling tools and methods that can be used to implement successful DDoS attacks

Languages: English and Turkish

Time active on dark web: Since May 2020

Sources of activity: Telegram, Nulled, Raidforum and YouTube

Rootzeynus is a dark web actor whose main activity field is selling tools and methods that can be used to implement successful DDoS attacks. He operates a successful Telegram group named DDoS Service that has approximately 8,000 members sharing different articles, methods and tools related to DDoS attacks. Rootzeynus also has an account on dozens of hacking forums such as Nulled.to or RaidForum. He also has a YouTube channel where he shares tutorials specifically related to hacking and DDoS attacks.

Although Webhose detected his main field of activity to be focused on hacking, he also writes on other topics such as financial fraud and PII. At the present time Rootzeynus is still active in hisTelegram group and YouTube channel. We will continue monitoring his activity to investigate any new fields of activity he enters in the future.

Profile details of Rootzeynus on Telegram

Cysec experts can monitor data and offers of DDoS services in chat groups like Toozeynu’s Telegram group to understand how to protect their company assets from such attacks

Rootzeynus Telegram Group

Rootzeynus’s main activity focuses on his Telegram group and publishing content related to DDoS attacks. He shares guides that teach how to use different DDoS tools as well as offers his own services for how to perform DDoS attacks.

Rootzeynus activity into different areas of cybercrime (Source: Webhose Cyber Endpoint)
RootZeynus offering botnet network for sale on his Telegram group

The graph below shows the number of posts made by this actor on both the dark web and on his Telegram group in the last six months.

Posts made by HOSEEN in the dark web and his Telegram group in the last 6 months

Mitigating Against the Rising Cost of DDoS Attacks

As DDoS attacks increase in complexity, volume and cost, it becomes critical that companies invest in the right dark web monitoring tools to mitigate and prevent them. Here at Webhose, DDoS is just one of the many types of criminal activities we see on the dark web. The good news is that with continuous crawling of millions of sources of sites, marketplaces, files and messaging platforms to detect DDoS tools and services targeted at specific companies, these types of crimes can be mitigated and even prevented.

Want to learn more about how Webhose dark monitoring delivers the most comprehensive and continuous crawling of dark web sources? Contact our data experts today!