DDoS-for-hire services have plagued the Internet for years, and recently the “Gorilla botnet” gained notoriety for performing a large number of high-profile DDoS attacks, some of which were targeted at large Dutch organizations.
In this talk we share insights from our ongoing investigations into DDoS-for-hire networks at the Delft University of Technology (TU Delft), and the methodologies we can use to map ongoing campaigns. We focus specifically on the Gorilla bot network, which is responsible for hundreds of thousands of attacks. The aim of this talk is to provide a technical audience, but also policy professionals, with a unique insight into the DDoS-for-hire ecosystem. We do this by sharing the intelligence we obtain from several unique datasets such as IXP netflows, C2 milkers, network telescopes, honeypots, and the platforms used to sell DDoS attacks. At the end, we will provide the participants with a live dashboard of ongoing DDoS attacks and the techniques used by the adversaries, to spark a discussion on how we should better defend ourselves against these attacks.
We end the talk with a discussion on how the interplay between our university (TU Delft) and government agencies has worked in the specific case of the Gorilla botnet.