{"id":92179,"date":"2023-05-31T14:29:51","date_gmt":"2023-05-31T14:29:51","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4104108"},"modified":"2023-05-31T14:29:51","modified_gmt":"2023-05-31T14:29:51","slug":"threatening-botnets-can-be-created-with-little-code-experience-akamai-finds","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92179","title":{"rendered":"Threatening botnets can be created with little code experience, Akamai finds"},"content":{"rendered":"<div id>\n<p> Researchers at Akamai\u2019s Security Intelligence unit find a botnet specimen that reveals how successful DDoS, spam and other cyberattacks can be done with little finesse, knowledge or savvy. <\/p>\n<\/div>\n<div id>\n<figure id=\"attachment_5232\" aria-describedby=\"caption-attachment-5232\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-5232\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/05\/threatening-botnets-can-be-created-with-little-code-experience-akamai-finds.jpg\" alt=\"botnet.jpg\" width=\"1024\" height=\"1024\"><figcaption id=\"caption-attachment-5232\" class=\"wp-caption-text\">Image: iStock\/bagotaj<\/figcaption><\/figure>\n<p><a href=\"https:\/\/www.akamai.com\/glossary\/what-is-a-botnet\" target=\"_blank\" rel=\"noopener noreferrer\">Botnets<\/a>, especially botnets-for-hire, are lowering the bar to technology access for those seeking to launch distributed denial of service \u2014 or <a href=\"https:\/\/www.techrepublic.com\/article\/ddos-attacks-finland-israel\/\">DDoS<\/a> \u2014 attacks, run crypto mining operations, create spamming exploits and other nefarious applications. 
Botnets are also getting easier to build and deploy because, much like legitimate software development, malicious botnets can be created using existing codebases.<\/p>\n<p>One example of how little technical sophistication is required is a botnet dubbed Dark Frost by researchers at Akamai web services. In spite of its use of cobbled-together code from older botnets, Dark Frost has roped in over 400 compromised devices for exploits.<\/p>\n<p>According to Allen West, a security researcher on Akamai\u2019s Security Intelligence Response team, the financially motivated actor is targeting gaming platforms.<\/p>\n<p><strong>SEE: Akamai looks at <a href=\"https:\/\/www.techrepublic.com\/article\/akamai-focus-fake-sites-api\/\">fake sites, API vulnerabilities<\/a> (TechRepublic)<\/strong><\/p>\n<p>\u201cIt is crucial that the security community starts acknowledging low-level actors such as these in their infancies before they grow into major threats,\u201d West <a href=\"https:\/\/www.akamai.com\/blog\/security-research\/dark-frost-botnet-unexpected-author-profile\" target=\"_blank\" rel=\"noopener noreferrer\">wrote<\/a> in a blog post about the attack, adding that the Dark Frost actor isn\u2019t hard to track because of their attention seeking.<\/p>\n<p>According to research by West and other researchers looking at social media and Reddit, the actor behind the Dark Frost botnet is likely a person in their early 20s who claims to have been a developer for a couple of years. They say this person is probably based in the U.S. and isn\u2019t likely linked to a state actor. 
While probably a single individual, this actor likely interacts with a small group to share code, West and the researchers say.<\/p>\n<h2 id=\"gaming\">Gaming platforms are target for hackers seeking attention<\/h2>\n<p>According to Akamai researchers, the Dark Frost botnet has primarily targeted various sects of the gaming industry including companies, game server hosting providers, online streamers and other members of the gaming community.<\/p>\n<p>West noted that games are an easy target, and there is a big audience. The rise in modders (people who modify commercial games to make them more compelling and relevant) on custom servers makes them targets because they have few defenses and aren\u2019t typically paying for large-scale protection, he said.<\/p>\n<p><strong>SEE: How Google is <a href=\"https:\/\/www.techrepublic.com\/article\/google-launches-project-shield\/\">fighting these DDoS threats<\/a> (TechRepublic)<\/strong><\/p>\n<p>\u201cThey are starting to address [cyber threats] in the custom modding industry, and there are a couple of open-source free options for security, but these actors aren\u2019t targeting ones they think have good protection,\u201d West said to TechRepublic.<\/p>\n<h2 id=\"monetizing\">Monetizing DDoS<\/h2>\n<p>The Dark Frost actor was focusing on selling the tool as <a href=\"https:\/\/www.techrepublic.com\/article\/ransomware-ddos-major-upsurge-led-upstart-hacker-group\/\">DDoS<\/a>-for-hire, noted Akamai, which also said the same actor had been selling it as a spamming tool.<\/p>\n<p>\u201cThis is not their first of this kind,\u201d said West, who noted that the Dark Frost actor was selling it on Discord. 
\u201cHe was taking orders there, and even posting screenshots of what they said was their bank account.\u201d<\/p>\n<h2 id=\"dark-frost\">To make Dark Frost, just add codebases and mix<\/h2>\n<p>The Dark Frost botnet uses code from the infamous <a href=\"https:\/\/www.techrepublic.com\/article\/consumer-security-behind-iot-threat-landscape\/\">Mirai botnet<\/a>. West said that while there are much bigger botnets out there, the Dark Frost botnet shows what you can do with just 400 compromised devices.<\/p>\n<p>\u201cThe author of Mirai put out the source code for everyone to see, and I think that it started and encouraged the trend of other malware authors doing the same, or of security researchers publishing source code to get a bit of credibility,\u201d said West. \u201cSome people think DDoS is a thing of the past, but it is still causing damage.\u201d<\/p>\n<p>According to Akamai, the botnet:<\/p>\n<ul>\n<li>Is modeled after Gafgyt, Qbot, Mirai, and other malware strains and has expanded to encompass hundreds of compromised devices.<\/li>\n<li>Has an attack potential of approximately 629.28 Gbps with UDP flood attacks.<\/li>\n<li>Is emblematic of how, with source code from previously successful malware strains and AI code generation, someone with minimal knowledge can launch botnets and malware.<\/li>\n<\/ul>\n<h2 id=\"botnet\">Lowering the botnet bar<\/h2>\n<p>West told TechRepublic that the codebases for botnets and exploits known to be effective are an easy get.<\/p>\n<p>\u201cOn public repositories it\u2019s easy to find malware that has worked effectively in the past and string together something with very minimal effort,\u201d he said. 
\u201cDark Frost is the perfect example; and how brazenly they talk about it just adds to the picture of someone who doesn\u2019t really get what they are doing or the implications of their actions.\u201d<\/p>\n<p>He said the actor behind Dark Frost essentially announced that they were selling illegal services.<\/p>\n<p>\u201cIt is fame seeking money seeking fame. If we look at all the malware that comes in, this one stuck because he literally signed it, and I found eight different social media platforms talking about these attacks,\u201d West said.<\/p>\n<p>The main takeaway, said West, is that, with minimal effort, the author of Dark Frost has been successful at causing damage and is aiming to organize malefactors to scale up the exploit\u2019s capabilities.<\/p>\n<p>\u201cSecurity companies and just companies in general should start recognizing these threats in their infancy in order to stop them down the road when it\u2019s an even bigger problem,\u201d he said.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Researchers at Akamai\u2019s Security Intelligence unit find a botnet specimen that reveals how successful DDoS, spam and other cyberattacks can be done with little finesse, knowledge or savvy. 
Image: iStock\/bagotaj Botnets, especially botnets-for-hire, are lowering the bar to technology access for those seeking to launch distributed denial of service \u2014 or DDoS \u2014 attacks, run [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":92180,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,783,56,287],"tags":[],"class_list":["post-92179","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloudsync","category-cybersecurity","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92179"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92179\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92180"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}