A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal operation of a targeted server, service, or network by flooding it with internet traffic from many compromised devices.
DDoS attacks pose a significant risk to organizations, as they can cause service outages and substantial financial losses.
Recently, cybersecurity analysts at Cloudflare’s Cloudforce One uncovered that LameDuck’s Skynet Botnet carried out over “35,000 DDoS assaults” on various organizations.
January 2023 saw the emergence of a threat group known as “Anonymous Sudan” (also referred to as “LameDuck”).
This sophisticated threat group is run by two siblings from Sudan. It carried out DDoS attacks against organizations’ infrastructure, rendering several services unusable for legitimate users.
LameDuck’s operations were notably varied and targeted critical infrastructure across multiple regions, including:
- Airports
- Hospitals
- Telecommunication companies
- Financial service providers
The threat actors employed a dual strategy that combined political hacktivism with profit-driven cybercrime.
One of their primary instruments was a “DDoS-for-hire” service, through which they rented out their attack infrastructure to more than 100 customers worldwide.
Analysts also observed ransom DDoS activity, with demands for Bitcoin payments (ranging from “$3,500” to “$3 million”) to stop the attacks.
The group gained significant attention by using social media platforms to publicize its successful strikes against prominent targets.
It did so partly through partnerships with other hacktivist groups, ‘Killnet’ and ‘Turk Hack Team’.
It also took part in coordinated campaigns such as “#OpIsrael” and “#OPAustralia,” underscoring its skill in both technical cyber operations and social engineering.
More than 35,000 DDoS attacks by LameDuck were confirmed, carried out with its advanced Distributed Cloud Attack Tool (DCAT).
The tool has been mistakenly referred to as:
- Godzilla Botnet
- Skynet Botnet
- InfraShutdown
Unlike traditional attackers who rely on a botnet of compromised devices, “LameDuck” adopted a three-tiered infrastructure for its operations.
To maximize impact, its technical arsenal included “Layer 7” attacks using “HTTP GET” floods, alongside “TCP-based” direct-path attacks and “UDP” reflection attacks.
The group showed tactical skill by targeting “high-value endpoints,” keeping requests per second (RPS) low to evade detection, and launching simultaneous “blitz strikes” across multiple subdomains.
To stay anonymous, they used both free and paid proxy services. They also timed their attacks during periods of “peak usage” to maximize disruption.
Their approach was to overwhelm victim organizations’ web infrastructure with immense traffic volumes.
The combination of “technical proficiency,” “strategic planning,” and “psychological manipulation” sets “LameDuck” apart from conventional “hacktivist groups.”
Recommendations
The recommended mitigations are:
- Enable always-on DDoS mitigation for all traffic layers.
- Deploy a Web Application Firewall (WAF) to block malicious HTTP traffic.
- Implement rate limiting to control incoming requests.
- Cache content on a Content Delivery Network (CDN) to reduce server load.
- Establish incident response procedures and analyze logs to counter attacks.
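As an added example (not code from Cloudflare or this article), the detector below shows why the low-RPS, multi-subdomain tactic described earlier slips past naive per-IP rate limiting, and why the log-analysis recommendation matters: it buckets constructed access-log lines into time windows across all subdomains and flags windows where the zone-wide request rate exceeds a baseline even though no single source exceeds the per-IP limit. The host names, IP ranges, thresholds and log format are assumed values.

```python
"""Window-aggregated detector for a distributed low-rate HTTP GET flood.
Added example, not code from the article or Cloudflare. Each source stays
under a naive per-IP limit, so detection must aggregate per time window
across all subdomains and sources. Hosts, IPs and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime

PER_IP_RPS_LIMIT = 5    # what a naive per-IP rate limiter enforces (assumed)
ZONE_BASELINE_RPS = 50  # expected aggregate rate for the whole zone (assumed)
WINDOW_SECONDS = 10

# Constructed log lines: "<iso-timestamp> <client-ip> <host> <method> <path>".
# Flood: 300 sources, 2 GETs each, over three subdomains in one 10 s window.
LOW_RATE_FLOOD = [
    f"2024-06-01T12:00:{i % 10:02d}+00:00 10.{i // 256}.{i % 256}.7 "
    f"{('www', 'api', 'shop')[i % 3]}.example.test GET /login"
    for i in range(300) for _ in range(2)
]
# Contrast: one noisy source at 60 RPS, which a per-IP limiter handles.
SINGLE_SOURCE_BURST = [
    f"2024-06-01T12:01:{i % 10:02d}+00:00 198.51.100.9 www.example.test GET /s"
    for i in range(600)
]

def parse_line(line):
    """Split one access-log line into (timestamp, ip, host, method, path)."""
    ts, ip, host, method, path = line.split()
    return datetime.fromisoformat(ts), ip, host, method, path

def analyze(lines):
    """Flag windows whose aggregate GET rate exceeds the zone baseline while
    no single source exceeds the per-IP limit (what a per-IP limiter misses)."""
    windows = defaultdict(lambda: {"ips": defaultdict(int), "hosts": set()})
    for line in lines:
        ts, ip, host, method, _ = parse_line(line)
        if method != "GET":
            continue
        key = int(ts.timestamp()) // WINDOW_SECONDS
        windows[key]["ips"][ip] += 1
        windows[key]["hosts"].add(host)
    findings = []
    for key, data in sorted(windows.items()):
        agg_rps = sum(data["ips"].values()) / WINDOW_SECONDS
        max_source_rps = max(data["ips"].values()) / WINDOW_SECONDS
        if agg_rps > ZONE_BASELINE_RPS and max_source_rps <= PER_IP_RPS_LIMIT:
            findings.append({"window": key, "sources": len(data["ips"]),
                             "hosts": sorted(data["hosts"]), "aggregate_rps": agg_rps,
                             "max_source_rps": max_source_rps})
    return findings
```

Running `analyze(LOW_RATE_FLOOD)` reports one window with 300 sources at 60 aggregate RPS but only 0.2 RPS per source, while `analyze(SINGLE_SOURCE_BURST)` reports nothing because that case is exactly what a per-IP limit already stops.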
The post LameDuck’s Skynet Botnet Launched 35,000+ DDoS Attacks appeared first on Cyber Security News.