A pro-Russian hacktivist group is running ‘DDOSIA’, a crowdsourced project that pays volunteers to launch DDoS attacks on Western entities, including governments and corporations.
DDoS attacks rarely cause lasting damage to their target, but while they last they can bring a business to a complete standstill, so their impact goes well beyond direct financial losses.
This is the great irony of DDoS attacks: they are easy to organize, simple to perform, and still carry a punch, which is why they have been the weapon of choice for hacktivists on both sides of the Russian-Ukrainian war.
Hacktivist DDoS campaigns normally offer no monetary reward; most volunteers take part out of conviction. Adding a financial incentive draws in attackers who don’t necessarily support the cause.
Project DDOSIA was created by the group NoName057(16) in August 2022 to crowdsource DDoS attacks. The group was last documented in early September, in an Avast report on its attack campaigns, which also noted that Project DDOSIA had been launched in mid-August.
Avast highlighted a DDoS module downloaded by ‘Bobik’, a remote access trojan first seen in 2020 that was being dropped by the RedLine information stealer.
Avast monitored the group for over three months. Over this period it found that the group had launched DDoS attacks against Ukrainian organizations but had been successful in only about 40% of its attempts.
DDOSIA operates on Telegram, with the operators distributing a link to instructions hosted on GitHub. The channel has over 13,000 members today.
Given its origins, DDOSIA has always been aligned with the goals of pro-Russian hackers, as reflected in the recent wave of DDoS attacks against large airports in the United States.
Getting paid for DDoS power
Volunteers for DDOSIA register through Telegram to receive a ZIP archive with the attack tool (“dosia.exe”), which contains a unique ID for each user. The ID ties a volunteer’s attack traffic to their account and ensures that each member runs only one instance of dosia at a time while taking part in an attack.
Members can link this ID to a cryptocurrency wallet and receive payment for DDoS attacks, with earnings tied to the amount of attack capacity they contribute.
The top contributor in each attack wave receives 80,000 rubles ($1,250), second place gets 50,000 rubles ($800), and third place is awarded 20,000 rubles ($300).
DDOSIA announced that it would distribute rewards to the top 10 contributors from its latest attack on U.S. airports, increasing the payouts for those who contributed most.
Accurate membership numbers are hard to come by, but DDOSIA is estimated to have around 400 members. The group is closed and membership is by invitation only. Its current target list includes 60 Ukrainian military and education sites.
Despite the appeal of a financial reward, NoName057(16) may still struggle to draw in large numbers of volunteers. Even so, it could end up being the only group actively paying for participation in its area, and it may well set a trend for other groups that can’t afford to stay idle.
Researchers at Avast have been tracking an elusive and very active pro-Russian hacker group, “NoName057(16)”, since June 1, 2022. The group, which carries out DDoS attacks exclusively, has changed and evolved throughout the Ukraine war: it first targeted Ukrainian news servers, then Ukrainian government and corporate websites, including utility companies, armament manufacturers and transportation companies. It has also targeted pro-Ukrainian companies and institutions in neighboring countries, including Estonia, Lithuania, Norway and Poland. Its aim is to take down infrastructure.
By mid-June the attacks had become more openly political, with the Baltic states (Lithuania, Latvia and Estonia) the main targets. After Lithuania blocked the transit of EU-sanctioned goods to Kaliningrad, the group went after Lithuanian transportation companies, including local railway and bus operators.
DDoS attacks can have damaging effects on your business
NoName057(16) runs a Telegram channel that only posts about its successful DDoS attacks. The channel started in March of this year and has already gathered more than 14,000 followers.
This group appears to have had a lot of success, but the numbers say it all. “While it may seem like this group has had a lot of success, statistically speaking, the statistics say otherwise,” says Martin Chlumecky, malware researcher at Avast. “According to the group’s self-reported statistics, they launched over 100 attacks while only having made 46 solid connections to their targets. Furthermore, some 60% of the attack sites they reported were never touched. When you take these numbers at face value it’s hard to believe that they’re as successful as…”
Bobik was originally a remote access tool, but it has since been adapted to turn unprotected PCs around the world into DDoS bots. It is spread by the RedLine Stealer dropper, malware sold as a service that cybercriminals pay for in order to distribute whatever payload they want.
The group’s command and control server is located in Romania and sends commands to bots around the world. Previously it had two additional servers, in Romania and Russia, but these are no longer active. The bots are fed a list of targets (mostly e-commerce sites) that they are instructed to DDoS; the targets are delivered in XML configuration files updated three times a day. Attacks usually last from a few hours to several days and attempt to overload login pages, password-recovery pages and site search, since these are among the most expensive requests for a server to handle.
The group’s most successful attacks can take sites offline for hours or even days. To limit the damage, smaller operators sometimes resort to blocking all traffic from outside their own country, an extreme measure taken only when the flood is too heavy to handle by other means.
For the most part, NoName057(16)’s successful attacks hit simple informational websites, sites with little more than an “about” and a “mission statement” page. Their servers are usually not built to handle much traffic and often have no anti-DDoS protections in place, which makes them easy targets.
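The attack pattern described above, bots converging on login, password-recovery and search pages, leaves a recognisable trace in the web server’s access log. The following is an added example, not code from the article or from Avast: it scans Nginx/Apache combined-format log lines and flags expensive endpoints that receive a burst of requests from many different addresses within the same minute. The log lines are constructed for the example, and the endpoint list and thresholds are assumptions to be tuned for your own site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Endpoints that are expensive to serve and the usual flood targets described
# in the article. Assumption: adjust to the paths your own site uses.
EXPENSIVE_PATHS = ("/login", "/password-reset", "/search")

# Detection thresholds (assumptions; tune to the site's normal traffic).
MIN_REQUESTS_PER_MINUTE = 50
MIN_DISTINCT_SOURCES = 10

# Nginx/Apache "combined" log format:
# ip - - [day/Mon/year:HH:MM:SS +zone] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (minute_bucket, ip, path) for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # ignore the query string
    return ts.strftime("%Y-%m-%dT%H:%M"), m.group("ip"), path


def detect_floods(lines, min_rpm=MIN_REQUESTS_PER_MINUTE,
                  min_sources=MIN_DISTINCT_SOURCES):
    """Find (minute, path, requests, distinct_ips) tuples for expensive
    endpoints that got both a high request volume and a wide spread of
    source addresses in the same minute. The spread matters: one client
    hammering /login is a brute-force attempt or a bug, many clients doing
    it in lockstep is a distributed flood."""
    requests = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        minute, ip, path = parsed
        if not path.startswith(EXPENSIVE_PATHS):
            continue
        requests[(minute, path)] += 1
        sources[(minute, path)].add(ip)

    findings = []
    for (minute, path), n in sorted(requests.items()):
        distinct = len(sources[(minute, path)])
        if n >= min_rpm and distinct >= min_sources:
            findings.append((minute, path, n, distinct))
    return findings


def build_sample_log():
    """Constructed access log: one quiet minute, then a burst of 60 POSTs to
    /login from 20 addresses in the next minute. Addresses are from private
    and RFC 5737 documentation ranges; one malformed line is included to show
    that the parser skips it."""
    lines = []
    for i in range(5):
        lines.append(f'10.0.0.{i} - - [12/Oct/2022:10:00:{i:02d} +0000] '
                     f'"GET /about HTTP/1.1" 200 1234')
        lines.append(f'10.0.0.{i} - - [12/Oct/2022:10:00:{i + 10:02d} +0000] '
                     f'"POST /login HTTP/1.1" 200 512')
    for i in range(60):
        lines.append(f'203.0.113.{i % 20} - - [12/Oct/2022:10:01:{i % 60:02d} +0000] '
                     f'"POST /login?attempt={i} HTTP/1.1" 200 512')
    lines.append("malformed line that the parser must skip")
    return lines


if __name__ == "__main__":
    for minute, path, n, distinct in detect_floods(build_sample_log()):
        print(f"{minute} {path}: {n} requests from {distinct} addresses")
```

Findings like these are what you would feed into a per-path rate limit on the affected endpoints, which is a far less blunt response than blocking an entire country’s traffic.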
How businesses and consumers can protect themselves
The problem with the current situation is that businesses and consumers are often unaware of the risks they are taking. A good starting point is to understand what data is being collected, where it is stored and who has access to it, and for companies to collect only the information they actually need for their business purposes and nothing more.
IT specialists recommend dedicated anti-DDoS software and cloud-based protection services that absorb and filter attack traffic before it reaches your servers. These measures help keep the business running as well as protecting it against DDoS attacks.
You can reduce the risk of your device being hijacked into a botnet like Bobik’s by being cautious about which links you click and which email attachments you open. Keep all software updated and patch known vulnerabilities promptly.
A DDoS attack in progress is hard to spot because the individual requests look like ordinary traffic. There are indications you can check, though: on the server side, a surge of requests to the same pages from many addresses at once; on the client side, a device sending large volumes of traffic to an unfamiliar destination, which suggests it has been recruited into the attack.
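To make that last indicator concrete, here is an added example (not from the article or from Avast) of how a network team could spot a host recruited into an attack from its own outbound flow records. It compares each host’s current connections against a baseline window and flags a host that suddenly opens a large number of connections to a destination it has never contacted before. The flow records are constructed for the example, and the window labels and the `ratio` threshold are assumptions.

```python
from collections import defaultdict

# Constructed flow records: (window, src_ip, dst_ip, dst_port, connections).
# "w1" and "w2" are consecutive one-minute buckets; addresses are from private
# and RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("w1", "10.1.1.5", "192.0.2.10", 443, 12),    # office host, normal browsing
    ("w1", "10.1.1.5", "198.51.100.7", 443, 3),
    ("w1", "10.1.1.6", "192.0.2.10", 443, 9),
    ("w2", "10.1.1.5", "192.0.2.10", 443, 11),
    ("w2", "10.1.1.5", "203.0.113.50", 80, 900),  # sudden burst to a never-seen host
    ("w2", "10.1.1.6", "192.0.2.10", 443, 10),
]


def build_baseline(flows, window):
    """Per source host: the set of destinations it normally talks to and its
    total connection count during the baseline window."""
    dests = defaultdict(set)
    totals = defaultdict(int)
    for w, src, dst, _port, n in flows:
        if w == window:
            dests[src].add(dst)
            totals[src] += n
    return dests, totals


def detect_bots(flows, baseline_window, current_window, ratio=10):
    """Flag (host, destination) pairs in the current window where the host
    contacts a destination absent from its baseline AND opens at least
    `ratio` times as many connections to it as the host's entire baseline
    volume. Both conditions together separate a DDoS client from a host that
    merely visited a new website. `ratio` is an assumption to tune."""
    dests, totals = build_baseline(flows, baseline_window)
    current = defaultdict(int)
    for w, src, dst, _port, n in flows:
        if w == current_window:
            current[(src, dst)] += n

    findings = []
    for (src, dst), n in sorted(current.items()):
        new_destination = dst not in dests.get(src, set())
        baseline_total = totals.get(src, 0)
        if new_destination and n >= ratio * max(baseline_total, 1):
            findings.append({
                "host": src,
                "destination": dst,
                "connections": n,
                "baseline_connections": baseline_total,
            })
    return findings


if __name__ == "__main__":
    for f in detect_bots(SAMPLE_FLOWS, "w1", "w2"):
        print(f"{f['host']} opened {f['connections']} connections to "
              f"{f['destination']} (baseline {f['baseline_connections']}/min)")
```

A host flagged this way is a candidate for isolation and a malware scan; with the DDOSIA tool the tell-tale process would be the volunteer’s dosia client, with Bobik it would be an infection the user never chose to install.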