You can (but shouldn’t) hire a botnet for less than R600

  • Analysis of darkweb forums and Telegram groups reveals how easily cybercriminals can get their hands on a botnet.
  • For just $30 (~R550) one can hire a botnet and execute DDoS attacks easily.
  • Kaspersky says that the cost of purchase/hire is eclipsed by the potential earnings to be had.

A botnet is comprised of an army of compromised devices that can be used to launch distributed denial of service (DDoS) and other cyberattacks at the click of a button.

One of the more prominent malware variants that is used in service of this goal is Mirai which can coral everything from routers to smart wireless toothbrushes into a massive botnet that threatens data centres and more.

In recent years however, cybercriminals have embraced cybercrime as a service whereby attacks, databases and more can be sold as a service to other criminals, insuring they can continue to profit off of their illicit deeds. According to Kaspersky, this extends to botnets as well.

“Botnets like Mirai are created by cybercriminals to sell and have individually tailored infection processes, malware types, infrastructure, and evasion techniques. The fraudsters sell them to other criminals on the shadow market, with botnet prices depending on quality; this year the lowest offers started at US$99 and the highest reached US$10,000,” writes Kaspersky.

These prices get lower when you simply hire a botnet. Here prices can range from $30 to $4 800 or around R550 to R88 000.

That means a cybercriminals can hire a botnet and hold a company hostage for less than R600. Granted, that is the cheapest price and we suspect the price is reflective of quality. What is important to note however is that the cost of this botnet is dwarfed by the potential earnings. Kaspersky reports that the cost of purchase or even just hiring a botnet can be recuperated in a single attack so the cost is rather negligible.

The cybersecurity company says these botnets are sold and hired out on the dark web and Telegram groups.

Perhaps most interesting is Kaspersky confirming that even in the world of cybercrime, there is no honour among thieves.

The source code of a botnet can found online at prices ranging from free to $50. This source code is obtained from leaks but do have a downside. These leaked botnets are often more easily detected by security solutions and as such, are often picked up threat actors looking to make a quick buck or they’re less sophisticated than others.

Attackers can also just hire a team to create a botnet for them with prices starting at just $3 000.

“Most of these deals occur privately, through personal messages, and partners are typically chosen based on reputation, such as forum ratings,” Alisa Kulishenko, security analyst at Kaspersky Digital Footprint Intelligence explains.

“Potential earnings from attacks using botnets for hire or sale can exceed the associated costs. They allow for activities such as illegal cryptocurrency mining or ransomware attacks, and more. Open sources report that an average ransom payment is two million U.S. dollars. In contrast, renting a botnet costs significantly less and can pay off with just one successful attack,” the analyst adds.

Combatting the sale and hiring of botnets starts with folks properly securing their digital devices, including Internet of Things gear. With no compromised tech to make use of, creating a botnet gets tougher.


About Author


Related News