Cyber criminals are increasingly relying on AI chatbots and automation tools to wage devastating DDoS attacks, according to analysis from Netscout.
Research as part of a multi-series report on the DDoS-for-hire landscape, first published in December 2024, highlighted a “three-year transformation” in this area of the cyber crime ecosystem as a result of automation.
In a recent follow-up blog post, Richard Hummel, director of threat intelligence at NetScout, said this has already “democratized sophisticated cyber attacks” by giving threat actors easier access to an array of powerful tools.
“The services evolved from simple point-and-click interfaces to automated platforms featuring API integration, reconnaissance tools, and adaptive attack capabilities,” Hummel noted.
Now, the company has warned that the influx of AI assistants and chatbots represents the next step in the evolutionary path for DDoS attackers - and it’s a problem many organizations are completely oblivious to.
“The DDoS-for-hire ecosystem already has embraced automation extensively,” Hummel wrote.
“NETSCOUT’s research revealed services offering automated attack scheduling, real-time parameter adjustment, and sustained campaign management with minimal human oversight.”
Platforms used by hackers are now capable of executing “multi-vector attacks” that are able to adapt to and circumvent defensive countermeasures, Hummel noted, and enable them to wage “carpet-bombing attacks across entire subnets”.
With the addition of AI assistants, threat actors may be able to take things up a notch, transforming capabilities from “automated to truly intelligent”.
For example, he suggested that rather than users being forced to understand attack vectors or network protocols, they can use AI assistants to detail their objectives and plans using natural language prompts.
“I want to take down my competitor’s website during their Black Friday sale,” Hummel cited as an example prompt. Thereafter, researchers noted that the AI assistant could hypothetically conduct target reconnaissance and vulnerability assessments.
AI tools could also be used for “optimal timing selection” to ensure an attack hits a target organization when it’s most vulnerable.
AI will further democratize DDoS-for-hire
Hummel warned that the influx of AI assistants in this cyber criminal domain will likely have a democratizing effect, enabling lower-level hackers and those without the technical expertise to wage highly effective attacks.
DDoS-for-hire services have already lowered the bar in this regard, researchers noted, but adding conversational AI tools would “eliminate remaining barriers entirely”.
There have been notable examples of threat actors using AI tools to ramp up operations. Earlier this year, research from Abnormal Security showed hackers were using a chatbot dubbed ‘GhostGPT’ to help write malware.
Other ‘Hackbot as a Service’ offerings, such as WormGPT, were already on the scene in 2023 offering subscription services for hackers to help write phishing emails and conduct business email compromise (BEC) attacks.
What this means for defenders
The evolution of the DDoS-for-hire landscape means enterprises across a range of industries could be facing a looming onslaught of attacks, Hummel warned.
“Organizations must recognize that traditional DDoS defenses designed for predictable, signature-based attacks will prove inadequate against AI-coordinated campaigns,” he wrote.
“AI-enhanced attacks could analyze defensive responses in real time, identify rate-limiting thresholds, mimic legitimate traffic patterns, and coordinate multi-vector attacks that evolve faster than human defenders can respond.”
With this in mind, Hummel said security teams will be forced to update defensive strategies – and it’s something they should be preparing for ahead of the first wave of confirmed AI-based attacks.
Naturally, fighting AI with AI in this instance will likely be the go-to approach for many security teams.
Hummel specifically highlighted machine learning-based detection and response systems as a key tool in the armory for cyber practitioners here, largely due to the speed advantage that they will provide teams responding to incidents.
Teams will also have to “rethink incident response” and improve threat intelligence sharing across the cybersecurity community to raise awareness of potential risks or incidents.
“Traditional playbooks assuming human-speed attacks must be replaced with autonomous response capabilities that can adapt at machine speed,” Hummel noted.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- DDoS attackers are pouncing on unpatched vulnerabilities
- How to recover from a DDoS attack – and what they can teach businesses
- Application layer DDoS attacks are skyrocketing – here's why
-
Manufacturers report millions in losses as downtime wreaks havoc on operationsNews UK manufacturers are losing up to £736 million every week due to downtime, according to new research, with outages lasting for several days on end.
-
Microsoft gives OpenAI restructuring plans the green lightNews The deal removes fundraising constraints and modifies Microsoft's rights to use OpenAI models and products
-
Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a realityNews DDoS attackers are flocking to AI tools and solutions to power increasingly devastating attacks
-
Critical networks face unprecedented threat as DDoS attacks are getting shorter and more intensenews Attackers have stepped up their intrusions into core networks, according to Nokia's 11th annual Threat Intelligence Report
-
Generative AI attacks are accelerating at an alarming rateNews Two new reports from Gartner highlight the new AI-related pressures companies face, and the tools they are using to counter them
-
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malwareNews TrendMicro has called for caution on how much detail is disclosed in security advisories
-
Anthropic admits hackers have 'weaponized' its tools – and cyber experts warn it's a terrifying glimpse into 'how quickly AI is changing the threat landscape'News Security experts say Anthropic's recent admission that hackers have "weaponized" its AI tools gives us a terrifying glimpse into the future of cyber crime.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
US authorities just took down 'one of the most powerful DDoS botnets to ever exist’ with help from AWS
News The Rapper Bot botnet was responsible for a series of large-scale DDoS attacks on government agencies and tech companies. Now it's gone.
