The evolving landscape of cybersecurity is witnessing a surge in threats, and among them, SMS Bomber attacks have emerged as a concerning modern menace. These attacks involve flooding victims’ phone numbers with a deluge of text messages, triggering disruptive effects such as vibrations, alert sounds, and notifications.
SOCRadar researchers have brought to light a disturbing revelation: hackers are actively selling SMS Bomber attack tools on underground forums, utilizing them for nefarious purposes including trolling, cyberbullying, and diversion tactics. Notably, these threats extend beyond underground forums to messaging and open-source platforms like Telegram, ICQ, Discord, GitHub, and Replit.
The pricing dynamics of this illicit market were exposed by security analysts at SOCRadar, showcasing a range of offerings. The rates include options such as flooding emails, phone calls, and SMS messages. The accessibility and affordability of these attack services are concerning, with prices as low as $0.03 per spam SMS.
Particularly striking is the example of a membership-based panel discovered via a redirected link, offering various SMS attack services with fees based on attack duration. Messaging platforms like Telegram have become a breeding ground for these threats, exemplified by a channel boasting nearly 95,000 subscribers. This channel, active since December 16, 2022, underscores the scale of this issue.
Security analysts have engaged with these tools to comprehend their capabilities, discovering that the bots behind them can perform SMS flooding, make flood calls, send callback requests, prank calls, and even send recordings of the call. The researchers encountered an SMS Validator app on Telegram, mirroring the functionality of an SMS Bomber and available for a fee of $18 for single and lifetime use.
These tools have extended their reach to open-source platforms like GitHub and Replit, with cybersecurity experts spotting various code queries associated with SMS bombing. The need for robust protection measures has never been more critical, encompassing spam filters, number hiding, reliable sources, API security, authentication layers, data breach monitoring, web security, authorization, and access controls.
