Cyber criminals are increasingly relying on AI chatbots and automation tools to wage devastating DDoS attacks, according to analysis from Netscout.
Research as part of a multi-series report on the DDoS-for-hire landscape, first published in December 2024, highlighted a “three-year transformation” in this area of the cyber crime ecosystem as a result of automation.
In a recent follow-up blog post, Richard Hummel, director of threat intelligence at NetScout, said this has already “democratized sophisticated cyber attacks” by giving threat actors easier access to an array of powerful tools.
“The services evolved from simple point-and-click interfaces to automated platforms featuring API integration, reconnaissance tools, and adaptive attack capabilities,” Hummel noted.
Now, the company has warned that the influx of AI assistants and chatbots represents the next step in the evolutionary path for DDoS attackers - and it’s a problem many organizations are completely oblivious to.
“The DDoS-for-hire ecosystem already has embraced automation extensively,” Hummel wrote.
“NETSCOUT’s research revealed services offering automated attack scheduling, real-time parameter adjustment, and sustained campaign management with minimal human oversight.”
Platforms used by hackers are now capable of executing “multi-vector attacks” that are able to adapt to and circumvent defensive countermeasures, Hummel noted, and enable them to wage “carpet-bombing attacks across entire subnets”.
With the addition of AI assistants, threat actors may be able to take things up a notch, transforming capabilities from “automated to truly intelligent”.
For example, he suggested that rather than users being forced to understand attack vectors or network protocols, they can use AI assistants to detail their objectives and plans using natural language prompts.
“I want to take down my competitor’s website during their Black Friday sale,” Hummel cited as an example prompt. Thereafter, researchers noted that the AI assistant could hypothetically conduct target reconnaissance and vulnerability assessments.
AI tools could also be used for “optimal timing selection” to ensure an attack hits a target organization when it’s most vulnerable.
AI will further democratize DDoS-for-hire
Hummel warned that the influx of AI assistants in this cyber criminal domain will likely have a democratizing effect, enabling lower-level hackers and those without the technical expertise to wage highly effective attacks.
DDoS-for-hire services have already lowered the bar in this regard, researchers noted, but adding conversational AI tools would “eliminate remaining barriers entirely”.
There have been notable examples of threat actors using AI tools to ramp up operations. Earlier this year, research from Abnormal Security showed hackers were using a chatbot dubbed ‘GhostGPT’ to help write malware.
Other ‘Hackbot as a Service’ offerings, such as WormGPT, were already on the scene in 2023 offering subscription services for hackers to help write phishing emails and conduct business email compromise (BEC) attacks.
What this means for defenders
The evolution of the DDoS-for-hire landscape means enterprises across a range of industries could be facing a looming onslaught of attacks, Hummel warned.
“Organizations must recognize that traditional DDoS defenses designed for predictable, signature-based attacks will prove inadequate against AI-coordinated campaigns,” he wrote.
“AI-enhanced attacks could analyze defensive responses in real time, identify rate-limiting thresholds, mimic legitimate traffic patterns, and coordinate multi-vector attacks that evolve faster than human defenders can respond.”
With this in mind, Hummel said security teams will be forced to update defensive strategies – and it’s something they should be preparing for ahead of the first wave of confirmed AI-based attacks.
Naturally, fighting AI with AI in this instance will likely be the go-to approach for many security teams.
Hummel specifically highlighted machine learning-based detection and response systems as a key tool in the armory for cyber practitioners here, largely due to the speed advantage that they will provide teams responding to incidents.
Teams will also have to “rethink incident response” and improve threat intelligence sharing across the cybersecurity community to raise awareness of potential risks or incidents.
“Traditional playbooks assuming human-speed attacks must be replaced with autonomous response capabilities that can adapt at machine speed,” Hummel noted.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- DDoS attackers are pouncing on unpatched vulnerabilities
- How to recover from a DDoS attack – and what they can teach businesses
- Application layer DDoS attacks are skyrocketing – here's why
-
The benefits of robust system redundancyIn-depth With the right hardware and software padding, businesses can reduce downtime and protecting critical assets
-
OpenAI is teaming up with Nscale and Aker to build Europe's first AI gigafactoryNews Stargate Norway aims to have 100,000 Nvidia processors up and running by the end of next year
-
Okta and Palo Alto Networks are teaming up to ‘fight AI with AI’News The expanded partnership aims to help shore up identity security as attackers increasingly target user credentials
-
Despite the hype, cybersecurity teams are still taking a cautious approach to using AI toolsNews Research from ISC2 shows the appetite for AI tools in cybersecurity is growing, but professionals are taking a far more cautious approach than other industries.
-
Application layer DDoS attacks are skyrocketing – here's whyNews The industry is seen as a prime target thanks to a reliance on online services and real-time transactions
-
Cyber professionals call for a 'strategic pause' on AI adoption as teams left scrambling to secure toolsNews Security professionals are scrambling to secure generative AI tools
-
AI security blunders have cyber professionals scramblingNews Growing AI security incidents have cyber teams fending off an array of threats
-
CISOs bet big on AI tools to reduce mounting cost pressuresNews AI automation is a top priority for CISOs, though data quality, privacy, and a lack of in-house expertise are common hurdles
-
The FBI says hackers are using AI voice clones to impersonate US government officialsNews The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Almost a third of workers are covertly using AI at work – here’s why that’s a terrible ideaNews Employers need to get wise to the use of unauthorized AI tools and tighten up policies
