A botnet with a capacity of 1.3 million bots has been put up for sale on the dark web. The seller, who joined a hacker forum on June 7, 2023, claimed ownership of the botnet and advertised it as being located in Asia/Europe. This news has raised concerns about the potential for cyber attacks and the impact they could have on organizations.
According to the seller’s message, the botnet was available for purchase in two parts – the Loader and the Panel for stealer. The price for accessing the botnet was set at $1,000 for two spots. The seller also provided a screenshot of the panel that would be used to access the features of the botnet.
The threat intelligence platform Falcon Feeds shared the advertisement screenshot on Twitter, drawing attention to the sale of the botnet. The screenshot showed that different versions of the botnet were being sold, with prices ranging from 52,000 to 53,000. The former subscription offered lifetime access to the 1.3 million bots, while the latter allowed the buyer to access updated bots throughout their lifetime.
According to the advertisement, "updated bots" meant that if any of the 1.3 million bots were lost, new ones would not be provided; instead, the seller would periodically update the existing selection of bots available to the buyer. The advertisement also indicated that the bots could be used for any purpose except ransomware or killbots and could be shared with others after launching a botnet attack.
Botnets are often used to launch Distributed Denial of Service (DDoS) attacks, which overwhelm a website or network with a high volume of requests, rendering it inaccessible to users. The sale of a botnet with 1.3 million bots for a relatively low price of $1,000 is a cause for concern for organizations, as it could potentially enable a large-scale DDoS attack.
The screenshot of the dark web advertisement showed the flag of the United States circled, suggesting that the bots may be primarily located in that country. However, the map in the screenshot also highlighted almost all of India, indicating a possible presence of bots in that region as well.
In addition to the botnet sale, there have been increasing reports of malware sales and black hat hacking competitions on the dark web. One such sale involved the Cerberus Drainer, a tool capable of draining tokens and NFTs. The advertisement for this tool claimed that it was an improved version with enhanced detection evasion capabilities.
On a positive note, the dark web marketplace known as Piilopuoti was recently taken down in a collaborative effort between Finnish Customs and European partners. This marketplace had been used to sell drugs and illegal goods since May 2022.
In conclusion, the sale of a botnet with 1.3 million bots on the dark web raises concerns about the potential for large-scale cyber attacks. The availability of such a botnet for a relatively low price makes it easier for malicious actors to carry out DDoS attacks and other cybercrimes. Organizations need to be vigilant and take necessary precautions to protect themselves from such threats.
