The operator of a 100,000-device-strong botnet arrested in Ukraine
Ukrainian law enforcement exposed an owner of a botnet with 100,000 compromised devices at his disposal. Authorities suspect the threat actor carried out DDoS attacks for paid customers.
According to the Security Service of Ukraine (SSU), distributed denial-of-service (DDoS) attacks were just one side of the perpetrators' illegal business. The hacker is said to have carried out spam and brute-force attacks as well as vulnerability scoping with malicious intent.
The SSU did not disclose the name of the suspect. However, the agency revealed that the hacker was a resident of the Ivano-Frankvisk region in Western Ukraine, bordering Romania.
The botnet operator communicated with clients via Telegram chats, with Webmoney, a Russian electronic payments system banned in Ukraine, used to take fees.
Interestingly, Rostelecom-Solar, the cybersecurity division of Russian telecom giant Rostelecom, recently announced that it 'sinkholed' 40,000 devices controlled by the largest known botnet, Mēris.
A DNS sinkhole is a mechanism that intercepts DNS requests attempting to contact known malicious domains and returning a false or controlled IP address.
It's unclear, however, if the arrest in Ukraine is related to the Mēris botnet. CyberNews researchers estimate around 250,000 devices in the botnet, with another 40,000 devices still exposed to abuse.
With a quarter of a million devices, the maximum capacity of the botnet stands at 110 million requests per second (RPS). That means that the largest DDoS attack in history, against a Russian tech company Yandex, demonstrated only 20% of the Mēris botnet capabilities.
The recent arrest is only one of several recent cybercrime-related arrests by Ukrainian authorities. A bot farm used to discredit the national vaccination program was liquidated in Eastern Ukraine last month.
Last week, Ukrainian police announced they had arrested a 25-year-old man responsible for over 100 hacks, causing $150 million in damage.
A DDoS caused internet outages in New Zealand when the country's third-largest internet service provider was hit. The attack cut off around 15% of the country's broadband customers from the internet at one point.
Recent reports show that 2021 will be yet another record year for the number of DDoS attacks carried out. Threat actors launched approximately 2.9 million DDoS attacks in the first quarter of 2021, a 31% increase from the same time in 2020.
During DDoS attacks, vast numbers of "bots" attack target computers. Hence, many entities are attacking a target, which explains the "distributed" part. The bots are infected computers spread across multiple locations. There isn't a single host. You may be hosting a bot right now and not even know it.
When DDoS attackers direct their bots against a specific target, it has some pretty unpleasant effects. Most importantly, a DDoS attack aims to trigger a "denial of service" response for people using the target system. This takes the target network offline.
If you've repeatedly struggled to access a retail website, you may well have encountered a denial of service. And it can take hours or days to recover from.