Akamai finds that dangerous botnets can be created with little code experience


Researchers from Akamai’s Security Intelligence Unit have found a botnet pattern that shows how efficiently, intelligently, or cleverly DDoS, spam, and other cyberattacks can be carried out.


Botnets, especially botnets for rent, are lowering the technical bar for those who want to launch denial-of-service (DDoS) attacks, run crypto mining operations, send spam and create other nefarious applications. The creation and deployment of botnets is also becoming easier because, like legitimate software development, malicious botnets can be created using existing codebases.

How little technical sophistication is needed is exemplified by a botnet that Akamai Web Services researchers named Dark Frost. Despite using cobbled-together code from older botnets, Dark Frost has grown to include more than 400 compromised devices open to exploitation.

According to Alan West, a security researcher with Akamai’s Security Intelligence Response Team, a financially motivated actor is targeting gaming platforms.


“It is critical that the security community begins to acknowledge low-level actors before they develop into major threats,” West wrote in a blog about the attack, adding that Dark Frost is attention seeking and not difficult to track.

The actor behind the Dark Frost botnet is likely in his early 20s and claims to have been a developer for a few years, according to research on social media and Reddit by West and other researchers. They say this person is possibly based in the US and is likely not linked to any state actors. While probably a single person, this actor probably interacted with a smaller group to share code, West and the researchers say.


Gaming platforms are targets of attention-seeking hackers

According to Akamai researchers, the Dark Frost botnet has primarily targeted various segments of the gaming industry, including companies, game server hosting providers, online streamers, and other members of the gaming community.

West noted that gaming is an easy target and has a large audience. He added that modders (people who modify commercial games to make them more compelling and relevant) on custom servers are targeted because they have few defenses and usually don’t pay for massive security.


“They’re starting to address [cyber threats] in the custom modding industry, there are some open-source free options for more security, but these actors aren’t targeting people they think have good security,” West told TechRepublic.

Monetization of DDoS

The Dark Frost actor was focusing on selling the tool as a DDoS-for-hire, said Akamai, which also said the same actor was selling it as a spamming tool.

“It’s not the first of its kind,” said West, who added that the Dark Frost actor was selling it on Discord. “He was there taking orders, and even posting screenshots of what he said was his bank account.”

To create Dark Frost, simply add and mix codebases

The Dark Frost botnet uses code from the infamous Mirai botnet. West said that while there are much larger botnets out there, the Dark Frost botnet shows what you can do with only 400 compromised devices.

“The author of Mirai released the source code for everyone to see, and I think this started and encouraged a trend of other malware authors, or security researchers publishing source code to gain some credibility,” West said. “Some people think DDoS is a thing of the past, but it’s still causing harm.”

According to Akamai, the botnet:

  • Is modeled after Gafgyt, Qbot, Mirai, and other malware strains and has expanded to include hundreds of compromised devices.
  • Has an attack capacity of about 629.28 Gbps with UDP flood attacks.
  • Is indicative of how, with the source code for already successful malware strains and AI code generation, someone with minimal knowledge can launch botnets and malware.

Lowering the botnet bar

West told TechRepublic that existing codebases are an easy route to botnets and exploits known to be effective.

“It is easy to find malware on public repositories that has worked effectively in the past and add something with very little effort,” he said. “Dark Frost is the perfect example of this; and how brazenly they talk about it just adds to the picture of someone who doesn’t really understand what they’re doing or the implications of their actions.”

He said that the actors behind Dark Frost essentially announced that they were selling illegal services.

“It’s fame looking for money, fame looking for fame. If we look at all the malware that came out, this one caught on because he literally signed it, and I’ve heard about these attacks on eight different social media platforms. Found talking,” West said.

The main conclusion, West said, is that, with minimal effort, Dark Frost’s authors have succeeded in causing harm and increasing exploitative capabilities aimed at organizing the perpetrators.

“Security companies, and general companies in general, need to start identifying these threats in their infancy to prevent them from getting in the way when they become a bigger problem,” he added.

