A recently discovered botnet called Dark Frost has emerged as a major threat to the gaming industry, specifically targeting gaming companies, game server hosting providers, online streamers, and other members of the gaming community. This botnet, which has similarities to notorious malware strains like Gafgyt, QBot, and Mirai, has rapidly grown to encompass hundreds of compromised devices, according to security researcher Allen West from Akamai.
As of February 2023, Dark Frost consists of 414 machines with different instruction set architectures, including ARMv4, x86, MIPSEL, MIPS, and ARM7. Botnets are typically large networks of compromised devices scattered across the globe. Cybercriminals exploit these enslaved hosts to carry out various activities such as cryptocurrency mining, data theft, and launching distributed denial-of-service (DDoS) attacks. In the case of Dark Frost, the primary focus is DDoS attacks.
Akamai, after identifying the botnet on February 28, 2023, reverse-engineered its operations and estimated that Dark Frost has the potential to launch UDP flood attacks at a rate of approximately 629.28 Gbps. The threat actor behind the botnet has been active since at least May 2022. What sets this case apart is that the attacker has publicly shared live recordings of their attacks, boasting about their achievements on social media platforms. They have even left digital signatures on their binary files.
To further facilitate their attacks, the adversary has set up a Discord channel where they offer DDoS-for-hire services in exchange for money. This highlights their financial motivations and indicates plans to expand their operations as a full-fledged DDoS service provider.
Dark Frost serves as a stark reminder of how easily novice cybercriminals with basic coding skills can cause significant damage using existing malware. Despite not being the most advanced adversary, the botnet has managed to compromise hundreds of devices, highlighting the extensive reach that such threat actors can have.
Protecting against the Dark Frost botnet and similar threats requires proactive measures. Gaming companies, server hosts, and community members should have network monitoring, regular software updates, strong passwords, and DDoS protection services in place. By staying vigilant and applying these practices, the gaming industry can effectively mitigate the risks posed by botnets like Dark Frost.