DDoS Guard Service Data Dump for Sale Online
Table of Contents
- By Dawna M. Roberts
- Published: Aug 03, 2021
- Last Updated: Mar 18, 2022
Russian-based company DDoS-Guard service was apparently breached, and its company and customer data are for sale online on the dark web.
What Happened?
Govinfo Security reported this week that a hacker posted a message on May 26 referring to the DDoS-Guard service on Exploit.in (a dark web site): '"a full dump of the popular DDoS-Guard online service," with a starting price for the auction set at $500,000, or a "blitz" price - think "buy it now" - set at $1.5 million. But the starting price for the auction was later reduced to $350,000.'
Russian targets are rare because Russian hackers often stay clear of other in-country rivals. However, experts wonder if this post is even real or an attempt to discredit the competition.
Who is DDoS-Guard?
Govinfo Security says 'DDoS-Guard, which bills itself as being "one of the leading service providers on the global DDoS protection and content delivery markets since 2011," has a questionable reputation.'
Along with DDoS protection, "DDoS-Guard also provides computing capacities and obstructs the identification of website owners of hundreds of shady resources that are engaged in illicit goods sale, gambling and copyright infringements."
Security experts from Singapore, Group-IB, claim that "We've seen a number of rogue websites hosted by DDoS-Guard. They were almost impossible to take down. Their answer to our numerous complaints about them protecting illegal resources is that they are not the owners of these websites. Such a safe environment for illicit online activity doesn't do any good for the global effort against cybercrime."
DDoS-Guard has a reputation for hosting dozens of scam websites such as "bitdefender-centrals.com," "nortoncomsetupz.com," and "garmin-express.support."
According to Govinfo Security, "DDoS-Guard gained extra notoriety last year for hosting far-right forums such as 8chan, which is filled with conspiracy theories promoting racism and anti-Semitism, and QAnon, which is based on the thoroughly disproven conspiracy theory that a group of Satanic-worshipping pedophiles - who also practice cannibalism - traffic in stolen children and conspired to disrupt Donald Trump's presidency."
"Where the company is based, and from whom it procures hosting resources, is not clear. As cybersecurity blogger Brian Krebs reported in January, security researcher Ron Guilmette investigated the internet addresses assigned to DDoS-Guard Corp., finding that it appears to mostly operate from Russia, although it's officially based in Belize, with an arm of the business called Cognitive Cloud LLP based in Edinburgh, Scotland."
What Information was Breached?
The leaked data includes the full source code dump, including "infrastructure, backend, frontend, and obviously network filtering/blocking" (making the software vulnerable to attacks). Sources say that customer names, IP addresses, payment information, and more are also included in the data dump. Additionally, the attackers mention that a list of customers from a popular BitTorrent site called RuTraker.org is also included.
A spokesperson from DDoS-Guard said, "We are aware that malefactors are trying to sell a certain database. Our company has not experienced any data leaks. "It is not the first time they threaten us, try to sell nonexistent data and make a profit on our company's name."
Threat researchers Group-IB say that the hacker who posted the message did not include a sample of the data to prove it's real.
Should Customers Be Worried?
Unfortunately, it is not clear whether the threat is real. However, this much is clear; law enforcement is keeping a close watch on DDoS-Guard and anything suspicious related to the company. The company's ties to crime-based domains and services put them on the radar.
Customers who use any of the services hosted by DDoS-Guard should change their credentials immediately and, if available, turn on two-factor authentication or other privacy/security controls. It's always a good idea to keep strong antivirus running on the system as well to detect and avoid any spyware, malware, or ransomware infections.
