Why going to the dark side is cheaper than you think
Research by WatchGuard Technologies undertaken in 2016 revealed that the cost of having your own botnet created by an individual on the underground crime ware circuit could cost as little as $500. But, with the rise in active IoT devices there has been a commensurate increase in the appetite for IoT botnets. WatchGuard took to the dark web to find out what has changed since 2016 in the ‘rent-a-botnet’ market.
There are two ways in which IoT botnets can be hired; IoT botnet setup services and IoT botnet hosted ‘booters’ and ‘stressers’.
IoT Botnet Setup Services
Originally available to rent from the early start-up of the internet when botnets were simply made up of PCs, IoT botnets take advantage of the increase in zombie bots available as IoT devices.
Sellers advertise a simple set-up service to release an executable to a given number of hosts (minimum orders are usually 50-100 hosts) with a fee per host ranging from $0.25 to $1. Buyers can add their own executable (either an original or one that has been sourced from another crime ware outlet). Once the botnet has been set-up, the seller hands it on.
IoT Botnet Hosted Distributed Denial of Service (DDoS)
Also, known as ‘stressers’ or ‘booters’, DDoS attacks have been in circulation for a number of years. Botnet stressers saturate their targets networks with large file upload and downloads or GRE packets depending on the level of layer of the OSI model used by the attacker.
These attacks require a large number of hosts to be an effective mechanism of DDoS, particularly if the intended target has good layer protection. However, dark web marketplaces are renting these IoT botnet services for a period of a single day up to several months with buyers also being able to tailor the size of the botnet.
Prices vary from a few hundred dollars to many thousand depending on size and duration of the rental.
In reality, renting an IoT botnet is no different from renting a PC botnet effectively working under the same parameters, speed and end-game. The only real difference between them is that the rise in popularity of the IoT botnet is creating a demand for which there is a limited supply. This places a lot of pressure on those individuals or organisations who supply DDoS as a service which has also ‘turned up the heat’ on their activities. The result is that some marketplaces are now banning the sale of IoT botnets.
Beyond the worrying facts that IoT botnets are on the rise is the disturbing trend that the cost to rent one is so low and that anyone (irrespective of their goals) can get their hands on one for a few hundred dollars.