The US Department of Justice (DOJ) announced the seizure of 48 domains offering distributed denial-of-service (DDoS) attacks as an on-demand service for cybercriminals.
A press release (opens in a new tab) from the office of U.S. Attorney for the Central District of California E. Martin Estrada revealed that in addition to these seizures, criminal charges are being filed against six defendants who are believed to have They are responsible for operating these platforms.
The news brings 'cybercrime-as-a-service' back into the spotlight, highlighted in Microsoft's November 2022 Digital Defense Report (MDDR), as well as the scourge of DDoS attacks sweeping the internet.
DDoS for rent
Previously, TechRadar Pro typically covered cybercrime as a service in the context of ransomware, which prevents personal and business users from accessing their files by encrypting them (usually until a malicious actor is ransom), or droppers, who distribute malware through delayed software. updates
However, DDoS-as-a-service (sometimes called "boot" services, since they boot specific systems from the Internet) remain a very popular choice for those looking to commit cybercrime without the technical know-how.
The US Attorney's Office says the websites seized in the operation have launched "millions" of DDoS attacks to target victims around the world, with some claiming to offer legitimate "stressing" services to businesses.
"These startup services allow anyone to launch cyberattacks that harm individual victims and compromise everyone's ability to access the Internet," U.S. Attorney Estrada said, noting that the services allow for maximum damage with minimum effort.
"This week's enforcement activity is an important milestone in our ongoing efforts to root out criminal behavior that threatens the infrastructure of the Internet and our ability to function in a digital world."
Along with these seizures, the US FBI, UK National Crime Agency and Dutch police are taking a softer approach to those who show interest in using DDoS services for hire.
An advertising campaign in the form of search engine placement ads will collect common keywords related to DDoS activity to deter potential cybercriminals from investing in these services and to educate the public about DDoS activity and how it affects them. . The FBI is also committed to helping victims whenever possible.
"Whether a criminal launches an attack independently or pays a qualified contractor to carry it out, the FBI will work with victims and use the considerable tools at our disposal to identify the person or group responsible." said Donald Alway, deputy director in charge. . from the FBI field office in Los Angeles.
“Victims of cybercrime [in the US] are urged to contact their local FBI office or file a complaint with the FBI Internet Crime Complaint Center at ic3.gov.