Drive DDoS Toolkit — A Dirt Jumper Variant [High Risk]

Published August 28, 2013

The Drive distributed denial of service (DDoS) toolkit is used against finance firms and e-Commerce businesses as a planned distraction for criminals engaging in identity theft and fraud of customer accounts. This cybersecurity threat advisory explains how the toolkit works and how to identify an attack against your enterprise.

What You Need to Know

  • The Drive DDoS toolkit will be a growing threat to enterprises and end users, especially as new versions and variants are leaked into the public realm.
  • Many organizations are not aware of an attack by the Drive toolkit, because it does not generate excessive network traffic.
  • Attackers use encryption to hide their identities.
  • The Drive DDoS toolkit can use six different types of flood attack, including five directed at the application layer and another targeting network infrastructure.

Background

The Drive DDoS toolkit is an updated variant of the Dirt Jumper DDoS toolkit, which was in circulation as of January 2011.

  • The Dirt Jumper family of DDoS toolkits was one of the most widely used methods of DDoS attack in Q3 of 2013.
  • In August 2013, Drive was observed in the wild participating in attacks against businesses in multiple industry verticals, including financial services and e-Commerce.
  • The command and control (C&C) admin panel of the Drive DDoS toolkit makes use of the same PHP code and SQL schema as the Dirt Jumper toolkit.
  • The Drive Toolkit also delivers attack payloads similar to the Dirt Jumper toolkit.
  • New signatures and communication patterns distinguish the Drive DDoS toolkit from the original Dirt Jumper.
  • Attack instructions in the Drive variant are also simpler to use.

A large number of attack campaigns and malicious binaries have been attributed to cybercriminals using the Drive DDoS toolkit.

  • Focus on the DDoS attack by IT security personnel may lead unprepared businesses to overlook malicious actors’ access to customer accounts.
  • Identifying the Drive DDoS toolkit as the source of attack is essential for financial institutions and e-Commerce firms in preventing and prosecuting fraud or theft.