• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Do You Know How Much It Costs to Rent an IoT Botnet?

March 7, 2017 By The Editor

money laundering black market

Renting an IoT botnet is probably less expensive than you think. IoT botnets are the new Flavor of the Month when it comes to cyber attack services for sale on underground forums. Last year we looked at hacking services available for hire on several crimeware sites and found that having a hacker create your own personal botnet would run you about $500. Following the global impact of the Mirai botnet and the fact that the number of active IoT devices is on the rise, we wondered how the underground botnet-for-hire market has changed. So we browsed several sites on the dark web to take a closer look. Here’s what we found.

 IoT botnets are advertised in two different ways:

  1 – IoT botnet setup services

Botnet setup services themselves are nothing new. Bad guys have been creating botnets since the early days of the internet, but in the past, these botnets were made up of PCs. Now they can be made up of IoT devices as well, so there’s a much larger pool of potential zombie bots in existence. The sellers advertise the ability to exploit and install an executable on a certain number of hosts for a fee. Sometimes this executable is a “homebrew” that the buyer has made themselves, but more commonly it’s botnet malware that the buyer obtained on a separate marketplace. Prices range from $0.25 to $1 per host, with minimum orders of around 50-100. Once the botnet is set up, the sellers turns it over to the buyer to do whatever they want with it. 

2 – IoT botnet hosted “stressers” and “booters”

As with botnet setup services, stressers or distributed denial of service attacks (DDoS) have been around for a while. Stressers are usually advertised using the layer of the OSI model that their attacks use. Botnet-based stressers are usually layer-4 or layer-7 attacks. In a layer-4 attack, botnet hosts drain resources on the target with a flood of new connections or by abusing transport-layer protocols. The Mirai botnet for example, operated as a layer-4 attack by flooding the victim with GRE packets, a type of packet that would normally be used to create a point-to-point link over the internet. In a layer-7 attack, botnet hosts saturate bandwidth with application data like a large file download or upload. Both of these types of attacks require a huge number of hosts to be effective against a protected target.

 Dark web merchants are advertising IoT botnet stressers similarly to traditional Windows-based stressers. Clients can purchase access to the stresser service for a period ranging from a day to several months. Within their service period, clients can launch a limited number of attacks per day with a guaranteed minimum duration ranging from a few minutes to a few hours. Some stresser services offer lifetime access with unlimited attacks for a much higher price, allowing rich buyers to execute DDoS attacks on a whim. Prices for these botnets range from a few hundred dollars for a short attack window to several thousand for larger IoT botnets.

Blast From the Past

Renting or buying an IoT botnets works just like renting or buying an old PC botnet. Their speeds are also similar. The only difference we found was an increase in popularity of IoT botnets – most likely due to high-profile attacks in the news. One marketplace we researched actually banned the sale of DDoS-as-a-service, evidently because they were getting too much heat. Outside of these underground marketplaces, we’re seeing a lot more requests for free tips and assistance in setting up IoT botnets as well.

Creating a DDOS attack seems very complex from an outside perspective, but the reality is that even an amateur can buy one of these attacks for a few hundred dollars for any reason, or no reason at all. Scary!

 For more information on IoT botnets, see some of WatchGuard CTO Corey Nachreiner’s videos on the Mirai botnet and its creator.

Share This:

Related

Filed Under: Editorial Articles Tagged With: botnet, DDoS, Hacking, Malware

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use