Another day, another cyber threat discovered. Last week the world was introduced to yet another cyber menace referred to as Jen-X. No, not Generation-X, JenX, a new botnet that offers DDoS attacks for hire. Dubbed JenX, the new botnet is recruiting IoT devices and is marketing its ware over the Internet , openly offering up to up to 300Gbps attacks for as little as $20. The size of these advertised attacks are capable of disrupting organizations that lack the tools to combat DDoS attacks. The front of the operation is a gaming server rental business that operates under the domain name – sancalvicie.com. Behind the scenes of this seemingly innocent gaming site is the command and control server located at skids.sancalvicie.com that manages the devices within the Botnet. The DDoS service is listed as a rental offering on the website called Corriente Divina.
DDoS and Online Gaming
The game rental business of San Calvicie centered upon the highly popular multiplayer game years back, Grand Theft Auto: San Andreas. Besides enjoying a quick game of GTA, you can also perform DDoS attacks for a small fee. Sites such as San Calvicie attract GTA gamers who want to host their own custom versions and environments for multiplayer action. It is believed that JenX was created to disrupt services from competing Grand Auto Theft San Andreas game servers and used GTA servers to recruit IoT devices. The ties between the online gaming business and DDoS organizations is nothing new. Two months ago, founding members of a black hat group called, The Lizard Squad pled guilty to a list of extortion attacks. The group was well known for mounting DDoS attacks on gaming related services. Another example going is the Lelddos gang that regularly launched attacks against Minecraft game servers. Minecraft servers rake in a lot of money and some unprincipled game server owners are tempted to take down the servers of competitors. DDoS perpetrators have utilized the Mirai malware strain in the past to target IoT devices and create botnets that were then used in these DDoS for hire services to target Minecraft sites.
The Makeup of JenX
The JenX botnet uses hosted servers to find and infect new victims, leveraging one of two known vulnerabilities that have become popular in IoT botnets such as Satori recently- CVE-2014-8361 and CVE-2017–17215. These two vulnerabilities affect certain Huawei and Realtek routers. Unlike many botnets such as Mirai, JenX does not use distributed scanning or spread machine-to-machine. Its use of actual servers to conduct its handiwork is indeed unique. The centralized infrastructure design of JenX offers its perpetrators a higher degree of control compared to other botnets. However, it also limits the speed of its potential growth and fortunately, makes it easier to combat as well.
The DDoS as a Service Industry
The operators of these types of DDoS as a Service businesses enjoy high profit margins as high as 95% in some cases. The simplicity of going into the DDOS business reflects the simplicity of the attack itself. By unleashing a full frontal assault of junk data against the website of a competitor, a competitor can potentially lose hundreds of thousands of dollars in a relatively quick amount of time. Because so many business and organizations are dependent on their online presence to some degree, nearly everyone is vulnerable to these attacks. The price point of these types of malicious services attract unscrupulous website owners to utilize them to disrupt their competition. The unfortunate reality is that DDoS for hire operations are likely to continue.