Criminals develop DDoS protection to stay online when rivals or law enforcement attack

News by Rene Millman

Security researchers have discovered a newly launched DDoS protection filter mechanism dubbed EndGame advertised on the dark web community forum Dread.

According to a blog post by Digital Shadows, the new tool in the armoury of cybercriminals looks like a collaboration from many parts of the dark web to create a solution for an ongoing problem that many criminal forums have been experiencing – many are frequently knocked offline by rival threat actors or law enforcement trying to disable the platform.

EndGame basically works as an anti-DDoS measure for Dark Web sites, so for cybercriminals - especially Dark Web marketplace owners - it's going to offer a degree of protection against DDoS attacks as they cannot use the anti-DDoS measures frequently deployed by their targets.

According to a spokesperson, the tool is designed to prevent scammers/bots/DDoS events, and this likely applies both to other cybercriminals and to law enforcement agencies who may try to impact the availability of a platform to get a service shut down.

“Whilst there is no evidence to substantiate this currently, it is spoken about across the dark web as a likely tactic of law enforcement. Therefore in the short-term, those attempting to prevent cybercrime are likely to be impacted as they may have to adjust tactics/mechanisms to circumvent the measures put in place, but as this appears to only be in effect on a small subset of platforms, only time will tell if this becomes a consistent issue if more platforms utilise the toolset,” the spokesperson said.

According to Digital Shadows, it is hard to determine what the ramifications may be for the industry in general, if any.

“If the toolset is as good as the creators claim to be, it could cause a real headache for organisations and agencies who are attempting to survey the cybercriminal scene, or impact its day-to-day functioning. However, there is also the possibility that the whole thing could be a ‘flash in the pan’, as if the software is configured poorly or doesn’t function as promised, users will likely shun it and it will likely die a quick death. I would say it is too early to tell, if the use of it gains traction, then we can better determine the potential impact it may have across the cybercriminal community,” the spokesperson said.

Vince Warrinton, CEO of Protective Intelligence, told SC Media UK that there is an incentive for a rival Dark Web marketplace owner to DDoS another marketplace, as it forces the users and vendors of the targeted site onto another.

“We have also identified evidence that there is a link to some Dark Web DDoS attacks and nation-state backed groups, probably acting on the behalf of the law enforcement or intelligence agencies of certain nations. So the launch of EndGame doesn't enhance the cyber criminal's repertoire, and therefore pose any additional risk to organisations, but means it's more likely for Dark Web marketplaces to be able to stay online in the event of a DDoS attack against them,” he said.

Warrinton added there is likely to be minimal impact on the cybersecurity industry, or indeed the wider world, due to the use of EndGame, but for organisations who investigate the Dark Web it means there's an additional layer of technology to examine.

“When it comes to EndGame, legitimate organisations have little to fear. However, with attackers increasingly using the TOR network to disguise their attacks, organisations will increasingly need to be aware of Darknet traffic attempting to enter and/or exit their networks.”

David Kennefick, product architect at Edgescan, told SC Media UK that there is very little law-abiding organisations can do about this.

“The main benefit will be on the long term: if criminals are forced to create innovating new solutions for DDoS problems, and they open source them, we would expect to see these solutions being incorporated into commercial security offerings as soon as possible. There might actually be positive long term implications from an anti-DDoS perspective,” he said.
