Login
Get started
Get started Login
Products
Solutions
KNOWLEDGE
HELP CENTER
COMPANY

Open web

DARK WEB

DATASETS

TECHNOLOGIES

Learn

Your hub for web data

BLOG

Large Language Models: What Your Data Must Include

Large Language Models like ChatGPT, and BERT need huge and quality datasets. Here's what their datasets should include.

Back to Blog

Discover the Tools and Methods of DDoS Service Providers

May 13, 2021
Discover the Tools and Methods of DDoS Service Providers

A Distributed Denial-of-Service attack, also known as a DDoS attack, is an attempt of a threat actor to crash a service (like a website), server or network by overflooding it with Internet traffic. This is usually done through a group of bots named botnets. Each bot sends traffic to the targeted IP address, often resulting in the shutdown, or denial-of-service of the site or application. Unfortunately, these attacks aren’t going away any time soon. It is estimated that DDoS attacks have increased every quarter of 2020 except for Q4. The first half of 2020 alone saw a 151% increase.

Let’s explore what can happen to a company after a DDoS attack and how dark web monitoring can mitigate or even prevent their occurrence.

DDoS Tools in the Dark Web

The dark web is full of DDoS tools and services for hire (known also as DDoS-for-hire). Two very popular tools are the booter (known also as booster) and stresser. It’s also possible to see a lot of written tutorials that explain how to execute DDoS attacks. These tools can be used to execute attacks on businesses in all types of industries.

But it’s important to keep in mind  that DDoS attacks are an issue for dark web sources as well.There are cases of DDoS attacks affecting illicit dark websites and leading to their shutdown. Some of these attacks may have been carried out by extortionists or competitors of those websites. Many dark web actors believe that these DDoS attacks were executed by law enforcement with the goal of shutting down illicit forums and marketplaces.

Why DDoS Attacks are So Damaging

The easy access of DDoS tools and services in the dark web have led to an increase in these attacks as well as their expansion to almost every industry.

They have also increased in volume and become more complex. Last year, for example, Amazon Web Services (AWS) suffered a record-breaking DDoS attack with a volume of 2.3 terabytes per second. The attack directly affected many ecommerce websites relying on AWS for their web services.

Financial damage

While threat actors can obtain DDoS tools and services for very little cost, DDoS attacks have serious consequences when targeted against businesses. Sometimes these attacks result in suspension of the company or site activity – which can translate into an immediate loss of thousands of dollars every second a successful ecommerce site is down. And that’s before additional costs for remediation of the attack and any compensation users receive as a result of the attack.

Digital Threats

DDoS attacks can also lead to additional threats, like ransomware threats or leaks of confidential data belonging to the company and its users. These cybersecurity risks not only incur financial damage but also damage a company’s reputation.

Although there are many threat actors behind DDoS attacks, some are bolder than others in their attempts at offering tools and services for them than other actors. At Webz, we were able to find one dark web actor in particular that stood out.

Spotlight on Dark Web Actor Rootzeynus

Actor name: Rootzeynus

Main Focus: Selling tools and methods that can be used to implement successful DDoS attacks

Languages: English and Turkish

Time active on dark web: Since May 2020

Sources of activity: Telegram, Nulled, Raidforum and YouTube

Rootzeynus is a dark web actor whose main activity field is selling tools and methods that can be used to implement successful DDoS attacks. He operates a successful Telegram group named DDoS Service that has approximately 8,000 members sharing different articles, methods and tools related to DDoS attacks. Rootzeynus also has an account on dozens of hacking forums such as Nulled.to or RaidForum. He also has a YouTube channel where he shares tutorials specifically related to hacking and DDoS attacks.

Although Webz.io detected his main field of activity to be focused on hacking, he also writes on other topics such as financial fraud and PII. At the present time Rootzeynus is still active in hisTelegram group and YouTube channel. We will continue monitoring his activity to investigate any new fields of activity he enters in the future.

Profile details of Rootzeynus on Telegram

Cysec experts can monitor data and offers of DDoS services in chat groups like Toozeynu’s Telegram group to understand how to protect their company assets from such attacks

Rootzeynus Telegram Group

Rootzeynus’s main activity focuses on his Telegram group and publishing content related to DDoS attacks. He shares guides that teach how to use different DDoS tools as well as offers his own services for how to perform DDoS attacks.

Rootzeynus activity into different areas of cybercrime (Source: Webz.io Cyber Endpoint)
RootZeynus offering botnet network for sale on his Telegram group

The graph below shows the number of posts made by this actor on both the dark web and on his Telegram group in the last six months.

Posts made by HOSEEN in the dark web and his Telegram group in the last 6 months

Mitigating Against the Rising Cost of DDoS Attacks

As DDoS attacks increase in complexity, volume and cost, it becomes critical that companies invest in the right dark web monitoring tools to mitigate and prevent them. Here at Webz, DDoS is just one of the many types of criminal activities we see on the dark web. The good news is that with continuous crawling of millions of sources of sites, marketplaces, files and messaging platforms to detect DDoS tools and services targeted at specific companies, these types of crimes can be mitigated and even prevented.

Want to learn more about how Webz.io dark monitoring delivers the most comprehensive and continuous crawling of dark web sources? Contact our data experts today!

darkwebddosddos attackddos service providers
Spread the News
Previous Post
Next Post

Subscribe to our newsletter for more news and updates!

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Read More

Dark Web Data: A Comprehensive Guide
November 19, 2023    

Dark Web Data: A Comprehensive Guide

Learn all about dark web data in our full guide. We cover what dark web data is, how to access it, how to collect data from the dark web, and how to analyze it.
The Top Dark Web Trends in 2022
December 27, 2022    

The Top Dark Web Trends in 2022

Webz.io’s cyber analyst team reveals the top dark web trends in 2022.
Revealed: Emerging Ransomware Group, Leaked AWS Accounts, & Secret Log4j Discussions
January 12, 2022    

Revealed: Emerging Ransomware Group, Leaked AWS Accounts, & Secret Log4j Discussions

In our first edition for 2022, we reveal that threat actors are discussing Log4j vulnerabilities on the dark web, the closure of popular marketplace Torrez, a new and emerging ransomware group targeting large companies and compromised AWS accounts we found ahead of the FlexBooker leak.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about Webz.io’s solutions
get started
Create your API account and get instant access to millions of web sources
SEE DEMO