A wave of distributed denial of service (DDoS) from a recently discovered botnet has hit the gaming industry hard.
The Dark Frost botnet, discovered by cloud provider Akamai’s security intelligence response team, has been observed targeting various aspects of the gaming industry, from server hosting providers, streamers, gaming companies and other players .
A botnet is a network of private devices that have been compromised and are controlled by a single individual machine without the owner’s knowledge.
According to Akamai security researcher Allen West, the botnet has grown to 414 devices, most of which run the ARMv4 architecture, while others run x86, MIPSEL, MIPS, and ARM7.
“The Dark Frost botnet, inspired by Gafgyt, QBot, Mirai and other malware strains, has expanded to encompass hundreds of compromised devices,” he said.
“The makeshift botnet was created using code stolen from several popular malware families (Mirai, Gafgyt and Qbot), which gave this attacker the ability to carry out quite successful attacks against the gaming industry.”
Akamai first discovered Dark Frost on February 28, 2023 and reverse engineered it to discover that it could flood a server with traffic at a speed of 629.28 Gbps using a UDP attack, which is a specific type of DDoS attack in the that a large wave of User Datagram Protocol (UDP) packets is sent to a server, inhibiting its ability to process them all.
So far, Akamai has determined that the motive behind the attacks is largely attention-seeking, based on the threat actors’ online activity, which has revealed posts boasting about their accomplishments, even going so far as to post screenshots. screen and videos.
“This particular threat actor has taken credit for quite a few efforts, with varying levels of evidence,” West said.
“Sometimes they would just post on social media, claiming to be the cause of various problems, which in reality wouldn’t carry much weight.
“However, they occasionally follow up on these claims with screenshots documenting the results of their attacks.”
Akamai said the willingness of threat actors to boast about their activity shows that someone may not fully perceive the consequences of doing so, demonstrating a lack of experience.
It also shows that anyone has the potential to become a cyber threat.
“With enough determination and some rudimentary coding knowledge, almost anyone can become a real threat,” West said.
“This is especially true when talking about younger people who may or may not understand the possible consequences of these actions.
“Confidence in their ability to live above the law tends to overshadow established legal parameters, making them more dangerous than expected.”
Akamai concludes that despite the relatively low sophistication of the attacks, technological advances have allowed almost anyone to become an effective threat actor with astonishing reach. It also believes that the threat actor has demonstrated plans to expand its operations and inflict even greater damage. While careful not to identify the current low-level cyber threat actor, Akamai has said the security community takes basic-level cybercrime seriously.