DDoS Brains that Authorities Put to Sleep in 2019

• DDoS attacks increased by 84 percent in Q1 2019, with major growth in the average duration of attacks.
• AWS, Telegram, and Wikipedia are among the top victims of DDoS this year.

DDoS is a type of cyberattack where access to the resources of a targeted website is affected due to bogus traffic on its servers. The attacks are normally launched from numerous compromised devices (often distributed globally), known as botnets.

Nabbing the crooks

It was last year when then the world’s biggest marketplace for hiring distributed denial-of-service (DDoS) attacks was brought down by an international law enforcement team. As a result, domains of 15 of the world’s biggest booters (websites that sell DDoS services) were seized, and six admins were arrested from four countries.

The crackdown led to an 85% decrease in the average size of DDoS attacks on a year-on-year basis, according to NexusGuard’s DDoS Threat Report 2018 Q4.

In the beginning of 2019, with a trove of information about WebStresser’s user base in hands, authorities heralded to pull the trigger on DDoS service buyers saying ‘we’re coming for you.’ Meanwhile, here’s the list of successful attempts made by various authorities around the world to bring down DDoS attacks this year:

• Chinese authorities, in November, clamped down and arrested a criminal group that operated a botnet of more than 200,000 infected websites that were being used to launch DDoS attacks. In most of the attacks, adversaries infected servers with backdoors that allowed hackers to control it. According to reports, firstly the release of the Mirai IoT botnet source code online in late 2016, and then the rise in local botnets over the years helped spike DDoS-for-hire services in the country. Authorities are said to have confiscated 10 million yuan ($1.4 million) from the suspects.
• Dutch police, as learned by ZDnet, took upon a hosting provider that had sheltered tens of IoT botnets, responsible for thousands of DDoS attacks around the world. The police arrested two men, whose hosting services were used by internet criminals who would perform phishing, vulnerability scanning, cryptomining operations, etc.
• In October, a Victorian man was arrested by Victoria Police and the Australian Federal Police over alleged DDoS attacks against two businesses this year. Though the names of the businesses weren’t revealed by the authorities, but it included a telecommunications business and a large shopping complex.
• In September 7, World of Warcraft Classic players experienced glitches as the game's servers buckled under stress. After two weeks, Blizzard, the developers of World of Warcraft Classic, revealed that a suspect was arrested for orchestrating DDoS attack against the games’ servers. A similar attack also hit the Overwatch game servers in the same period.

At the time of the attack, a Twitter account named ‘UKDrillas’ claimed responsibility for both the attacks. However, there is no evidence to suggest if that account was operated by the attacker. Also, nothing confirms whether that led to the arrest of the suspect.

DDoS attacks on the rise

Though the intensity of attacks declined in 2018, it seems they are back with a vengeance in 2019. At the time of Halloween, several online gambling sites in Europe including France’s Winamax and Italy’s Lottomatica were taken offline by DDoS attacks. In early June, a powerful DDoS attack hit Telegram. Wikipedia and AWS also became victims of DDoS attacks this year. According to experts, DDoS attacks in 2019 have witnessed a major growth in the average attack duration and the number of attacks has gone up by 84% in Q1 2019. It is clear that despite the ongoing battle between authorities and criminals, DDoS remains a popular attack vector,