Stresser Attacks: How to Avoid the Growing Threat of “DDoS-for-Hire” Websites

October 8, 2015

On August 28, 2015, six teenagers from the UK were arrested for using an online service known as the Lizard Stresser. They had launched a distributed denial of service (DDoS) attack against a UK government agency, bringing down the website of the National Crime Agency. Officials arrested them after they bragged about the crime on Twitter.

Employing methods that are technically legal, this destructive squad has been taking down websites using DDoS attacks since August of 2014. Although seemingly child’s play on the surface, the Lizard Stresser has the capability of (and has been rumored to target) multiple corporate websites including Sony Corp and Amazon, Inc.

How seriously should you take stresser attacks like the Lizard Stresser? A result of shady DDoS-for-Hire websites, such stressers accounted for more than 40% of all DDoS attacks in 2015 so far. The average DDoS attack can cost a business up to $40,000 an hour, making awareness of this new cyber-weapon a crucial element to preserving the future of your business.

Just What Is a DDoS Attack, and Why Do Perpetrators Get Away with It?

Basically defined, a DDoS attack is an attempt to shut down a network resource or services of a host connected to the Internet, rendering it inaccessible to intended users. The attack source often involves thousands of unique IP addresses delivering innumerable packets to a network, weakening its security infrastructure. Criminals behind these attacks often target sites or services that host high-profile web servers like banks and credit card payment gateways, but motives of revenge, blackmail, or activism may also play a role.

Even scarier than the damage stressers are capable of is how easy they are to access and deploy. Stresser services provide access to botnets, which are clusters of malware-infected devices including PCs, cellphones, and routers. For a minimal fee, these websites allow subscribers to issue attack orders to these botnet devices, firing a barrage of fake requests at a website in an attempt to take it offline.

The worst part is that any Google search will turn up numerous stresser websites – professionally designed and creatively labeled to trick you into thinking they are legitimate software providers. Often these companies will advertise themselves as stress tests for businesses to better secure their websites, but they are thinly veiled sinkholes ready to swallow your network whole. Furthermore, these DDoS-for-Hire services do not screen their users or verify them as the owners of the website they want to “stress test.” For as little as $10–$20 per month, an amateur hacker with no skills can obtain the power to cripple any unsuspecting online business.

The Damage Is Real – DDoS Attacks Could Affect Your Enterprise

Reflecting on the conquests of the Lizard Squad over the last year, it’s clear that the hacker terrain is constantly changing, and that businesses need to be prepared for anything. From bringing down the servers of the game League of Legends in August of 2014 to taking North Korea’s entire Internet completely offline in late December of the same year, these hackers signal possible devastation for a multitude of companies. Although young startups and new businesses are most vulnerable, any organization can be caught unprepared.

What’s to be done? While law enforcement does control individual cyber-criminals by prosecuting the users, they don’t penalize the operators, and are thus not attacking the root cause of the problem. PayPal freezes the accounts of anyone linked to these services, and major search engines are starting to look at reducing the exposure of stresser providers by preventing them from appearing in search results.

However, because every moment counts when a DDoS attack hits your enterprise, you need more immediate action than law enforcement to prevent severe damage. Signs that a DDoS attack is under way may be subtle at first, such as an overwhelmed firewall state table, which causes reboots. Eventually, the firewall may lock up, sealing the attack's success by preventing service from reaching your users.

Actions your IT department can take today to prevent any future stresser attacks include:

  • In-Path Deployment of a DDoS Mitigation Device – A high-performance DDoS mitigation device is critical for immediate detection and defusing of these malicious crimes. Because stresser attacks work by blindsiding a network with a high packet-per-second (pps) rate, you need something that will allow continuous analysis and processing of all incoming and outgoing traffic.
  • Mirrored Data Packets – An alternative to in-path detection, mirrored data packets provide full analysis reports, although not in the path of traffic. You’ll receive fast detection of anomalies, which may be arriving from other entry points in the network. Mirrored data packets provide a strong centralized analysis center.
  • Monitor Bandwidth – Verizon’s 2014 Data Breach Investigations Report noted that the pps rate of DDoS attacks has increased by 4.5 times compared to 2013. When comparing bandwidth metrics, keep in mind that small packets use less bandwidth, while large packets use more bandwidth. Stresser attacks work by sending many small packets at a high rate, meaning you’ll want to consider larger bandwidth to keep your infrastructure solid.
  • Validate Your Network’s Security Performance – Even if your vendor provides performance numbers that match your network size, real-world performance numbers might be lower. Verify this by having your IT experts test your prospective mitigation solution frequently, validating it often to see how it holds up against multiple potential attack scenarios.
The Lizard Squad may be disbanded for now, but the threat of stresser attacks is advancing into our digital age. Your best ammunition is education, awareness, and technological developments. By consolidating as one against this type of crime, business owners can slowly help overcome the veiled threats of DDoS attacks.
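
The point made under Monitor Bandwidth, that many small packets produce a high pps rate while using comparatively little bandwidth, can be checked from interface counters. The following is an added example, not part of the original article: it compares snapshots in the Linux /proc/net/dev format, and the snapshot values, the interface name and the thresholds are constructed assumptions.

```python
# Added example: derive pps, Mbit/s and mean packet size from two
# /proc/net/dev snapshots. Sample counters and thresholds are constructed.

HEADER = ("Inter-|   Receive  |  Transmit\n"
          " face |bytes packets errs drop ...|bytes packets errs drop ...\n")

def snapshot(rx_bytes, rx_packets, iface="eth0"):
    """Build constructed /proc/net/dev text for one interface."""
    return HEADER + f"  {iface}: {rx_bytes} {rx_packets} 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"

def parse_rx(text):
    """Return {iface: (rx_bytes, rx_packets)} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        name, _, rest = line.partition(":")
        fields = rest.split()
        counters[name.strip()] = (int(fields[0]), int(fields[1]))
    return counters

def rx_rates(before, after, seconds, iface="eth0"):
    """Receive-side rates between two snapshots taken `seconds` apart."""
    b0, p0 = parse_rx(before)[iface]
    b1, p1 = parse_rx(after)[iface]
    d_bytes, d_pkts = b1 - b0, p1 - p0
    if d_bytes < 0 or d_pkts < 0:               # counters reset or wrapped
        raise ValueError("counter went backwards; discard this interval")
    return {
        "pps": d_pkts / seconds,
        "mbps": d_bytes * 8 / seconds / 1e6,
        "avg_size": d_bytes / d_pkts if d_pkts else 0.0,
    }

def small_packet_flood(rates, pps_limit=100_000, size_limit=128):
    """Flag a high packet rate made of small packets (assumed thresholds)."""
    return rates["pps"] > pps_limit and rates["avg_size"] < size_limit

# Constructed samples, 10 seconds apart: baseline, normal load, flood.
T0 = snapshot(500_000_000, 400_000)
T1 = snapshot(524_000_000, 420_000)      # +20,000 packets of ~1200 bytes
T2 = snapshot(716_000_000, 3_420_000)    # +3,000,000 packets of 64 bytes

if __name__ == "__main__":
    for label, a, b in (("normal", T0, T1), ("flood", T1, T2)):
        r = rx_rates(a, b, 10)
        print(label, r, "ALERT" if small_packet_flood(r) else "ok")
```

In the constructed flood interval the packet rate is 150 times the normal one while the bit rate is only 8 times higher, which is why a bandwidth graph alone understates this kind of attack.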

At Infidati, we’re here to advise you. If you have questions or concerns about stresser attacks, contact us today.