Preventing attack-for-hire services

It's a real thing. Here's how to fight back.

The concept of a mercenary dates back to ancient Egypt and has been a long-standing method for governments (or other groups) to supplement their military might.

So, it should not come as a surprise that a new type of mercenary has arisen in the cyber wars that are now waged daily. Wherever there is demand, someone will find a way to fill it, so now ‘Attack-for-Hire’ services proliferate, and you should account for their eventuality in your cybersecurity strategy. What Is Attack-for

What Is Attack-for-Hire?

A CSO article reported how easy it is to “Hire a DDoS service to take down your enemies” and stated: “The advent of DDoS-for-hire services means that even the least tech-savvy individual can exact  revenge on some website. Step on up to the counter and purchase a stresser that can systematically take down a company.”

It is cheaper than you may think.  BleepingComputer reported “DDoS Attacks Are $10 per Hour on the Dark Web” and provided a price list of other hacking services:

• Account hacking program: $12.99

• Hacked Instagram accounts in bulk: 1K-10K for $15-$60

• Blow Bot Banking Botnet: Monthly rental of $750-$1,200 plus $150 support

• Disdain exploit kit: $80 for a day, $500 for a week or $1,400 for a month

• Stegano exploit kit: $2,000 for a day with unlimited traffic or $15,000 for a month of unlimited traffic

• MS Office exploit builder: $450 for Lite version and $1,000 for full version

• WordPress exploit: $100

• Password stealer: $50

• Android malware loader: $1,500

• Western Union Hacking bug: $300

• DDoS attacks: $500-$1,200 for week-long attack

• ATM Skimmer, Wincor, Slimm, NCR, Diebold: $700-$1,500

• Hacking tutorials: $5-$50

With this proliferation of attack-for-hire service availability and the very low costs, it stands to reason that the impact in real damage is potentially huge.

Caught in the Act

The good news is that crime doesn’t always pay.  According to security commentator Brian Kreb, “Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different ‘booter’ or ‘stresser’ sites — attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.”

But this may just be the tip of the iceberg, as it appears that another 45 different booter service providers are still at large.

Preventing Attacks

Obviously, prevention is superior to remediation. So, deep inspection and analysis methods which can interpret and detect malicious code in real time and immediately block threats, preventing unwanted code affecting your IT infrastructure are the only way to go.

Your solution should ensure that every line of code is evaluated, making evasion techniques ineffective. The bottom line is that your organisation will be much better protected from attack-for-hire services.