    Bypass in the capable hands of DDoS hacktivists


    Attacks by cybercriminals on the websites of US airports, the White House, Anonymous attacks on Russian media websites, DDoS attacks - all this is just a small part of what is happening on the dark web today.

    Why do they do it?

    At first glance, it may seem that hacktivist attacks are exclusively an expression of social protest by stopping the work of the largest corporations and suppressing various information resources. However, the underlying goal is, of course, financial motivation, and under the guise of organizing such attacks, hacktivists engage in direct deception. In our world, everything revolves around money, and it would be wrong to think that hacktivists are engaged in pure altruism. The organization of any DDoS attack costs a lot of money - even to rent a botnet, you need to pay a large amount.

    One such demonstrative attack was the attack on the infrastructure of the national health service and the "e-health" system in Latvia. In part, it resembled the actions of hacktivists, but then the people who run a large botnet stepped in, and at that stage the Latvian healthcare system could not withstand the load and went down for several hours.

    How monetization works

    Hacktivists use two main ways to make money. The first is donations. Attacks are announced in various social media channels, and a fundraiser is announced to support cyber activists.

    Second, the organization of attacks is used as a way of self-promotion. When everyone knows that you are "the first ddoser in the area," they begin to come to you with commercial orders to organize attacks.

    What is the damage?

    No matter how loud the ongoing attacks sound, in reality hacktivists are not capable of doing much harm to a business. As a rule, all the attacks they organize come down to basic-level DDoS, which everyone has long since learned to deal with, especially over the past six months.

    However, the effect of a well-placed DDoS attack is difficult to overestimate. If attacks are aimed at the largest domain name registrars, electronic signature verification centers, tax authorities, payment systems, medical systems and telemetry solutions, and carried out in the “shock and awe” format, the effect will be that of a bombshell. It will be especially noticeable in geographically large countries such as China or India if a DDoS attack breaks their national connectivity. Theoretically, such scenarios are quite possible, but in practice the current level of DDoS is more like attacks by schoolchildren who are trying to show off more than they actually know how to do.

    Bypass in action

    Over the past six months, almost everyone has learned how to deal with hacktivist attacks, realized that they need to protect their DNS, mail services, etc.

    The attackers' task is to find out the real IP address behind which the portal is located and, bypassing the DDoS protection, “pour” malicious traffic directly at it.

    Another method that attackers successfully use to organize a bypass is DNS fuzzing. People tend to name their services and domain zones in a predictable way, and attackers exploit this: they look for DNS servers with the same name as the attacked resource in an attempt to find "live" services located in the victim's infrastructure.

    That is why you need to be careful when adding and publishing a new service: the DNS record must point to the IP address of the protection provider from the very start, or, when the service is placed under protection, the server IP must be changed so that the already exposed address, which can be found in DNS caches and history, is no longer used. A periodic audit of the domain zone to see where the records "look" will also help to avoid such troubles.
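
    The periodic zone audit described above can be automated. The following is an added example, not code from the original article: it checks a zone listing and reports every record that leads, directly or through a CNAME or MX target, to an address outside the protection provider's ranges. The domain, the addresses and the provider range are constructed sample values.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation addresses, placeholder domain).
# PROVIDER_RANGES stands in for the ranges your protection provider publishes.
PROVIDER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
ZONE = """\
example.com.       A     203.0.113.10
www.example.com.   CNAME example.com.
api.example.com.   A     203.0.113.11
dev.example.com.   A     198.51.100.7
mail.example.com.  A     198.51.100.7
example.com.       MX    10 mail.example.com.
old.example.com.   CNAME dev.example.com.
cdn.example.com.   CNAME edge.provider.example.
"""

def parse_zone(text):
    """Parse a simplified 'name type [prio] value' listing into tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not parts[0].startswith(";"):
            records.append((parts[0].lower(), parts[1].upper(), parts[-1].lower()))
    return records

def audit(records, provider_ranges=PROVIDER_RANGES):
    """Return (name, type, ip) for every record that leads to an unprotected IP."""
    addrs, alias = {}, {}
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name, []).append(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            alias[name] = value
    def resolve(name, hops=8):
        while name in alias and hops:   # follow the CNAME chain, bounded against loops
            name, hops = alias[name], hops - 1
        return addrs.get(name, [])      # names outside the zone resolve to nothing here

    findings = []
    for name, rtype, value in records:
        if rtype in ("A", "AAAA"):
            ips = [ipaddress.ip_address(value)]
        elif rtype in ("CNAME", "MX"):
            ips = resolve(value)
        else:
            continue
        findings += [(name, rtype, str(ip)) for ip in ips
                     if not any(ip in net for net in provider_ranges)]
    return findings
```

    On the sample zone, `audit(parse_zone(ZONE))` flags the `dev` and `mail` hosts, the MX record that points at `mail`, and the forgotten `old` alias. Targets outside the zone, such as the `cdn` CNAME, are not resolved by this offline check and need a live lookup.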

    Another example is any service where there is a callback from the infrastructure of the protected client. These can be two-way protocols or downloadable pictures: the attacker sends an object that includes a picture, and the infrastructure reaches out to download it. The IP address of the victim is thereby revealed.

    Who is to blame and what to do?

    Ultimately, bypass is an attempt to get around the protection provider and hit the resource directly. As described above, this is solved in different ways, but if the business has defended itself well and “cleaned up” all the loose ends, then there is nothing to be afraid of.

    And if there are loose ends sticking out, or a business needs to be extra confident in the continuous operation of its service, it is possible to organize a dedicated protection channel from the provider's edge to the client infrastructure. Then, even if the main channel to the client, which for one reason or another was not completely closed, is “punched through”, communication goes through the dedicated channel and the business remains online 24/7.

    Bypass prevention is a task that the security provider always solves together with the client. In addition, it is a recurring task with constantly changing inputs. Any new microservice in the client's infrastructure that is published to the Web, any issued encryption certificate, any record in a domain zone, any file uploaded for download has the potential to reveal an entry point to a hacker.

    Summing up, we can say that, in general, bypass is not as terrible as it is painted. For a protection provider, this is an additional challenge, and the more attacks the anti-DDoS system neutralizes, the more opportunities it gets to learn from them, and the less likely a bypass of the protected client becomes.

    Author DeepWeb