Researchers have now found a new DDoS protection filter mechanism called ‘EndGame’ advertised on the dark web community forum ‘Dread.’
According to a blog post by Digital Shadows, this new tool looks like a ‘collaboration’ between numerous parts of the dark web to solve a problem that many criminal forums have been suffering from: many are often pushed offline by rival players or by the authorities’ attempts to disable them.
EndGame works as an anti-DDoS measure for Dark Web sites. It gives cyber-criminals, especially Dark Web marketplace owners, a little protection against DDoS attacks, because they cannot use the anti-DDoS measures often used by their targets.
A spokesperson commented, “although the tool is designed to stop scammers/bots/DDoS events, this likely applies to both other cyber-criminals, but also law enforcement agencies who may try & impact the availability of a platform in order to get a service shut down.”
“Whilst there is no evidence to substantiate this currently, it is spoken about across the dark web as a likely tactic of law enforcement. Therefore in the short-term, those attempting to prevent cyber-crime are likely to be impacted as they may have to adjust tactics/mechanisms to circumvent the measures put in place, but as this appears to only be in effect on a small subset of platforms, only time will tell if this becomes a consistent issue if more platforms utilise the toolset,” the spokesperson observed.
Digital Shadows has suggested that it is hard to determine what the consequences may be for the industry, if any at all.
“If the tool-set is as good as the creators claim to be, it could cause a real headache for organisations & agencies who are attempting to survey the cyber-criminal scene or impact its day-to-day functioning.”
“However, there is also the possibility that the whole thing could be a ‘flash in the pan’, as if the software is configured poorly or doesn’t function as promised, users will likely shun it and it will likely die a quick death. I would say it is too early to tell, if the use of it gains traction, then we can better determine the potential impact it may have across the cyber-criminal community,” the spokesperson went on to say.
Vince Warrinton, CEO of Protective Intelligence, explained that there is a real incentive for a rival Dark Web marketplace owner to DDoS another marketplace, because it forces the users & vendors of the targeted site onto another.
“We have also identified evidence that there is a link to some Dark Web DDoS attacks & nation-state backed groups, probably acting on the behalf of the law enforcement or intelligence agencies of certain nations.”
“So, the launch of EndGame doesn’t enhance the cyber criminal’s repertoire, & therefore pose any additional risk to organisations, but means it’s more likely for Dark Web marketplaces to be able to stay online in the event of a DDoS attack against them,” he explained.
Warrinton mentioned that there is likely to be ‘minimal impact’ on the cyber-security industry, or the wider world, due to the use of EndGame, but for organisations who look into the Dark Web it means there’s a further layer of technology to examine.
“When it comes to EndGame, legitimate organisations have little to fear. However, with attackers increasingly using the TOR network to disguise their attacks, organisations will increasingly need to be aware of Darknet traffic attempting to enter and/or exit their networks.”
David Kennefick, Product Architect at Edgescan, commented that there is not much law-abiding organisations can actually do.
“The main benefit will be on the long term: if criminals are forced to create innovating new solutions for DDoS problems, and they open source them, we would expect to see these solutions being incorporated into commercial security offerings as soon as possible. There might actually be positive long-term implications from an anti-DDoS perspective,” he concluded.