Pro-Russian threat operators have employed a new DDoS-as-a-Service (DDoSaaS) platform called “Passion” in recent attacks against medical institutions in the United States and Europe. DDoS (distributed denial of service) attacks occur when threat actors flood targeted servers with requests and junk traffic, causing them to become overwhelmed and stop responding to valid requests. DDoS-as-a-Service platforms rent out their available firepower to individuals wishing to launch disruptive attacks on their targets, removing the need for them to construct their own massive botnets or organize volunteer action.
The botnets are often constructed by compromising vulnerable IoT devices, including routers and IP cameras, and merging them into a huge swarm that makes malicious requests toward specific targets. Even though the origins of the Passion platform are unknown, the operation has distinct ties with Russian threat operator groups, including Killnet, MIRAI, Venom, and Anonymous Russia. Last month, the Passion botnet was used in cyberattacks targeting medical institutions in the United States, Portugal, Spain, Germany, Poland, Finland, Norway, the Netherlands, and the United Kingdom in retaliation for sending tanks in support of Ukraine.
The Passion DDoS-as-a-Service platform’s operators first advertised their service in early January 2023, performing various defacements on Japanese and South African organization websites. The service works on a subscription basis, with clients able to purchase desired attack vectors, duration, and intensity. Passion provides ten attack vectors that allow subscribers to customize their attacks when needed and combine vectors to avoid targets’ mitigations. The following DDoS-as-a-Service attack methods are supported.
A seven-day subscription to the service costs $30, a monthly subscription costs $120, and a full year costs $1,440. Bitcoin, Tether, and the Russian payment provider QIWI are all accepted. Passion demonstrates its Layer 4 (L4) and Layer 7 (L7) attack capabilities and its effectiveness against DDoS mitigation providers, including CloudFlare and Google Shield, using the Dstat.cc measurement service. The pro-Russian DDoS crowdsourcing operation “DDOSIA” was created in October 2022, compensating volunteers who participated in attacks and awarding considerable amounts to those who offered the most firepower. Passion joins an already thriving DDoS ecosystem, which worsens the situation for global companies that are victims of the attacks.
As threat actor groups are looking to utilize new attack methods and techniques, including DDoS-as-a-Service (DDoSaaS) platforms, it’s critical for global companies to always remain informed of the current threat landscape and regularly update their network infrastructure to prevent future attacks. At SpearTip, our team recognizes security challenges in the cloud aren’t the same as with on-premises solutions. Our vast experience and proven methodology provide our clients with a comprehensive picture of the risks present within their cloud infrastructure and the remediation steps. Our team focuses on security misconfigurations and deviations, including reviewing account privileges and analyzing current logging details from recommended cloud security architecture. SpearTip discovers vulnerabilities in firewall systems and allows companies to dedicate their valuable resources to evaluate and prioritize fixes by providing visibility of actual network gaps, including existing false negatives. We provide clear remediation steps for all uncovered weaknesses to ensure a strengthened security posture.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
©2024 SpearTip, LLC. All rights reserved.