Cyber criminals are increasingly relying on AI chatbots and automation tools to wage devastating DDoS attacks, according to analysis from Netscout.
Research as part of a multi-series report on the DDoS-for-hire landscape, first published in December 2024, highlighted a “three-year transformation” in this area of the cyber crime ecosystem as a result of automation.
In a recent follow-up blog post, Richard Hummel, director of threat intelligence at NetScout, said this has already “democratized sophisticated cyber attacks” by giving threat actors easier access to an array of powerful tools.
“The services evolved from simple point-and-click interfaces to automated platforms featuring API integration, reconnaissance tools, and adaptive attack capabilities,” Hummel noted.
Now, the company has warned that the influx of AI assistants and chatbots represents the next step in the evolutionary path for DDoS attackers - and it’s a problem many organizations are completely oblivious to.
“The DDoS-for-hire ecosystem already has embraced automation extensively,” Hummel wrote.
“NETSCOUT’s research revealed services offering automated attack scheduling, real-time parameter adjustment, and sustained campaign management with minimal human oversight.”
Platforms used by hackers are now capable of executing “multi-vector attacks” that are able to adapt to and circumvent defensive countermeasures, Hummel noted, and enable them to wage “carpet-bombing attacks across entire subnets”.
With the addition of AI assistants, threat actors may be able to take things up a notch, transforming capabilities from “automated to truly intelligent”.
For example, he suggested that rather than users being forced to understand attack vectors or network protocols, they can use AI assistants to detail their objectives and plans using natural language prompts.
“I want to take down my competitor’s website during their Black Friday sale,” Hummel cited as an example prompt. Thereafter, researchers noted that the AI assistant could hypothetically conduct target reconnaissance and vulnerability assessments.
AI tools could also be used for “optimal timing selection” to ensure an attack hits a target organization when it’s most vulnerable.
AI will further democratize DDoS-for-hire
Hummel warned that the influx of AI assistants in this cyber criminal domain will likely have a democratizing effect, enabling lower-level hackers and those without the technical expertise to wage highly effective attacks.
DDoS-for-hire services have already lowered the bar in this regard, researchers noted, but adding conversational AI tools would “eliminate remaining barriers entirely”.
There have been notable examples of threat actors using AI tools to ramp up operations. Earlier this year, research from Abnormal Security showed hackers were using a chatbot dubbed ‘GhostGPT’ to help write malware.
Other ‘Hackbot as a Service’ offerings, such as WormGPT, were already on the scene in 2023 offering subscription services for hackers to help write phishing emails and conduct business email compromise (BEC) attacks.
What this means for defenders
The evolution of the DDoS-for-hire landscape means enterprises across a range of industries could be facing a looming onslaught of attacks, Hummel warned.
“Organizations must recognize that traditional DDoS defenses designed for predictable, signature-based attacks will prove inadequate against AI-coordinated campaigns,” he wrote.
“AI-enhanced attacks could analyze defensive responses in real time, identify rate-limiting thresholds, mimic legitimate traffic patterns, and coordinate multi-vector attacks that evolve faster than human defenders can respond.”
With this in mind, Hummel said security teams will be forced to update defensive strategies – and it’s something they should be preparing for ahead of the first wave of confirmed AI-based attacks.
Naturally, fighting AI with AI in this instance will likely be the go-to approach for many security teams.
Hummel specifically highlighted machine learning-based detection and response systems as a key tool in the armory for cyber practitioners here, largely due to the speed advantage that they will provide teams responding to incidents.
Teams will also have to “rethink incident response” and improve threat intelligence sharing across the cybersecurity community to raise awareness of potential risks or incidents.
“Traditional playbooks assuming human-speed attacks must be replaced with autonomous response capabilities that can adapt at machine speed,” Hummel noted.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- DDoS attackers are pouncing on unpatched vulnerabilities
- How to recover from a DDoS attack – and what they can teach businesses
- Application layer DDoS attacks are skyrocketing – here's why
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
-
HPE selects CrowdStrike to safeguard high-performance AI workloadsNews The security vendor joins HPE’s Unleash AI partner program, bringing Falcon security capabilities to HPE Private Cloud AI
-
Microsoft opens up Entra Agent ID preview with new AI featuresNews Microsoft Entra Agent ID aims to help manage influx of AI agents using existing tools
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a realityNews DDoS attackers are flocking to AI tools and solutions to power increasingly devastating attacks
-
Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intensenews Attackers have stepped up their intrusions into core networks, according to Nokia's 11th annual Threat Intelligence Report
