Lizard Squad, the online group that claimed responsibility for the attacks on PlayStation’s and Xbox’s networks last month, is using thousands of hacked Internet routers to run a new attack service it’s selling to consumers.
Last month, the group launched Lizard Stresser, which is capable of launching denial-of-service attacks for as little as $3 a month. So far, Lizard Squad has taken credit for temporarily bringing down image site 8chan and security blog Krebs on Security.
According to the blog, Lizard Stresser is taking advantage of the fact many online users—including some companies and universities—never change their routers’ user names and passwords, and using malicious code to control this network of bots (a good reminder to change those default passwords).
Bots, which are used for both good and evil, now make up about half the web’s traffic, according to content delivery platform Incapsula. And impersonator bots—capable of launching denial-of-service attacks—now account for a quarter of bot traffic. By Incapsula’s count, they’re the only category of bots steadily rising in traffic in the last three years.