The rise of DDoS-as-a-Service botnets has become a major concern in the cybersecurity landscape, as hackers leverage these networks to launch devastating distributed denial-of-service attacks easily and affordably. These botnets are essentially made up of compromised devices that can be rented or leased to flood targets with high volumes of traffic, causing service disruptions or outages.
For cybercriminals, DDoS-as-a-Service offers an effortless way to extort businesses, harm others, and maintain anonymity while carrying out their malicious activities. Recently, researchers at the Sysdig Threat Research Team uncovered a DDoS-as-a-Service botnet that is powered by Mirai malware and specifically targets the gaming community.
In March 2024, the team identified the “rebirthltd.com” domain as the hub of this financially motivated botnet. The service is advertised through platforms like Telegram or online shops, with a primary focus on the gaming community but also posing risks for corporate entities. Threat actors use hacked devices in Mirai-derived botnets to conduct large-scale DDoS attacks for potential buyers, which sheds light on the evolving realm of cybercrime services that can hinder business operations.
The RebirthLtd DDoS botnet, which is based on Mirai malware, is marketed as a subscription service accessible through an online store and Telegram channels. It primarily targets gamers, including video game streamers and troublemakers known as “trolls” who disrupt gameplay experiences. The ecosystem operates under various hacking groups, with some actors claimed to be part of this circle, such as CazzG, a purported Chinese administrator. It promotes the illicit sale of bots and DDoS tools with ease of access and anonymity.
The origins of the RebirthLtd DDoS botnet can be traced back to previous malware families and campaigns. Investigations reveal connections to malicious domains like shop4youv2.de and Tsuki.army, highlighting the botnet’s evolution over time. The botnet initially employed Gafgyt, QBot, and STDBot with known exploits and has since transitioned into a commercialized model offering DDoS-as-a-Service to a wider customer base.
The ever-changing tactics of threat actors underscore the importance of continuous vigilance in cybersecurity. The release of Mirai’s source code has fueled the proliferation of botnets like Rebirth, emphasizing the critical need for robust vulnerability management and real-time threat detection measures to combat such threats effectively.
As cybercriminals persist in repackaging and selling malware strains, organizations must remain proactive in fortifying their defenses against DDoS attacks and other cyber threats. With the increasing sophistication of malicious actors, cybersecurity professionals need to stay ahead of the curve by adopting advanced security measures and leveraging threat intelligence to safeguard their networks from evolving cyber threats.
In conclusion, the emergence of DDoS-as-a-Service botnets underscores the growing challenges in the cybersecurity landscape, necessitating a proactive and comprehensive approach to protecting organizations and individuals from malicious cyber activities.
