A wave of distributed denial-of-service (DDoS) attacks from a newly discovered botnet has been hitting the gaming industry hard.
The Dark Frost botnet, which was discovered by the security intelligence response team at cloud provider Akamai, has been observed targeting various aspects of the gaming industry, including server hosting providers, streamers, gaming companies and other gamers.
A botnet is a network of private devices that have been compromised and are controlled by a single individual machine without their owners’ knowledge.
According to Allen West, a security researcher at Akamai, the botnet has grown to 414 devices, most of which run the ARMv4 architecture, while others run x86, MIPSEL, MIPS and ARM7.
“The Dark Frost botnet, modelled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices,” he said.
“The cobbled-together botnet was created using stolen code from several popular malware families (Mirai, Gafgyt, and Qbot), giving this attacker the ability to carry out fairly successful attacks against the gaming industry.”
Akamai first discovered Dark Frost on February 28, 2023, and reverse-engineered it, finding that it was able to flood a server with traffic at a rate of 629.28 Gbps via a UDP attack. This is a specific type of DDoS attack in which a large wave of User Datagram Protocol (UDP) packets is sent to a server, inhibiting its ability to process them all.
Akamai has so far determined that the motive behind the attacks is largely attention-seeking, based on the threat actors’ online activity, which has revealed posts bragging about their accomplishments, going as far as posting screenshots and videos.
“This particular threat actor has taken credit for quite a few endeavours, with varying levels of evidence,” said West.
“Sometimes, they simply posted on social media, claiming to be the cause of various issues, which wouldn’t really hold a lot of weight.
“However, they occasionally follow up these claims with screenshots documenting the results of their attacks.”
Akamai said that the threat actors’ willingness to boast about their activity shows someone who may not fully perceive the consequences of doing so and who lacks experience.
It also proves that just about anyone has the potential to become a cyber threat.
“With enough determination and some rudimentary coding knowledge, almost anyone can become a real threat,” said West.
“This is especially true when discussing younger individuals who may or may not understand the potential consequences of these actions.
“The confidence in their ability to live above the law tends to outshine established legal parameters, making them more dangerous than expected.”
Akamai concludes that despite the relatively low sophistication of the attacks, technological advances have allowed almost anyone to become an effective threat actor with staggering reach. It also believes that the threat actor has demonstrated plans to expand their operations and inflict even greater damage. While taking care not to identify the currently low-level cyber threat actor, Akamai has said that the security community takes entry-level cyber crime seriously.