Lessons from Lizard Squad, the hackers who commoditized DDoS attacks

Though designed to do harm, It had all the trappings of a real business, including some high-profile “case studies” like Microsoft and Sony


Lizard Squad DDoS Lizard Stresser Canada

Over the past few years we’ve seen the consumerization of IT, where smartphones and consumer apps have made their way into the workplace. But now we’re seeing the consumerization of cyber-attacks — if Lizard Squad is any indication of where we’re heading.

The hackers behind the distributed denial-of-service attacks that took down Xbox Live and PlayStation over Christmas are selling their DDoS cyber-attack services, called LizardStressor, starting at just $6 a month.

And yes, the tool is designed for hackers and attackers, not for IT departments testing their corporate networks against DDoS attacks. As Lizard Squad says on its website: “With this stresser, you wield the power to launch some of the world’s largest denial of service attacks.”

Supposedly, Lizard Squad attacked Microsoft and Sony because they were bored. Oh, and the networks were open to attack.

But it’s not just bored teenagers (or disenchanted adults) who are wrecking havoc with DDoS attacks. Overloading a server with requests so it’s unavailable to users for hours or even days is a method used by hacktivists and other groups that want to cause mayhem in cyberspace — even extortionists who try to force their target to pay up to make an attack stop. A DDoS attack could also be used to cover up another type of attack.

And now, for the cost of a mocha caramel soy latte, anyone can purchase a tool that will attack the website of their choice.

Indeed, Lizard Squad offers eight packages (and various add-ons), ranging from $6 to $130 (payable in bitcoin). Time is money: The longer you want to take down a network, the more it’s going to cost you. The $130 option, for example, offers to take down a site for more than eight hours.

Commercial cyber-attack tools are not new — you can find a wide selection on various hacking forums. But Lizard Squad is turning DDoS attacks into a commoditized service — even referring to it as DDoS-as-a-service. (There’s another acronym for you: DDoSaaS.)

And, according to a report from Black Lotus, attackers are getting smarter and more sophisticated, using less bandwidth to wreck havoc but creating a greater impact.

These days, DDoS attacks target connections, which makes online gaming networks easy prey, as well as any customer-facing service. Smaller networks — which don’t have sophisticated equipment in place to mitigate network floods — are also targets.

That’s not to say we won’t continue to see large-scale attacks. More sophisticated DDoS tools can have a more dramatic effect, embarrassing large public or private entities, such as the military or big-name brands.

Lizard Squad is now taking credit for hacking Malaysia Airlines’ website, which briefly redirected users to a hacking website. And it’s linking itself to Cyber Caliphate, a group accused of hacking the U.S. military’s Central Command in the name of the Islamic State.

There are plenty of legitimate security tools that IT departments can use to help guard against these types of attacks. It’s important to remember, though, that smaller networks aren’t immune simply because they’re small and presumably under-the-radar, and larger networks will have to keep pace with the increasing sophistication of attacks.

Be aware that if an attack does occur, hackers could be trying to infiltrate your systems (for, say, customer data) while IT resources are busy trying to restore service to customers — so a holistic approach to security these days is an absolute must.

Image courtesy of PANPOTE at FreeDigitalPhotos.net

Comments are closed.