Did you know: Crimelords behind DDoS attacks offer customer loyalty points?

Tweaking business models for greater 404 kerching

The DDoS attack business has advanced to the point that running an attack can cost as little as $7 an hour, while the targeted company can end up losing thousands, if not millions of dollars.

Kaspersky Lab’s experts were also able to calculate that an attack using a cloud-based botnet of 1,000 desktops is likely to cost the providers about $7 per hour. These services typically retail for $25 an hour, allowing cybercrooks to pocket an estimated profit of around $18 per hour.

Crooks operating DDoS services through black market websites often offer a sophisticated service featuring convenient payment and reports about attacks, according to a new study from Kaspersky Lab. In some cases, there is even a customer loyalty programme, with clients receiving rewards or bonus points for each attack.

Attacks are priced based on their generation as well as the source of attack traffic, among other factors. For example, a botnet made up of popular IoT devices is cheaper than a botnet of servers.

Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, since the former are high risk, while the latter are more difficult to attack. On one DDoS-as-a-service website, the cost of an attack on an unprotected website ranges from $50 to $100, while an attack on a protected site costs $400 or more.

The location of targets can also be a factor. DDoS attacks on English-language websites, for example, are usually more expensive than similar attacks on Russian-language sites.

A DDoS attack can cost anything from $5 for a 300-second attack to $400 for 24 hours. The average price for an attack is around $25 per hour.

The longest DDoS attack in 2016 lasted 292 hours – or about 12 days – according to Kaspersky Lab’s research.

Kaspersky Lab also identified evidence that DDoS slingers are, in some cases, playing both sides for extra profit. Attackers sometimes demand a ransom from a target in return for not launching a DDoS attack, or to call off an ongoing attack. The ransom can sometimes be the Bitcoin equivalent of thousands of dollars. Those carrying out the blackmail don’t even need to have the resources to launch an attack – sometimes the mere threat is enough.

Some cybercriminals have no scruples about selling DDoS attacks alongside protection from them.

"We expect the profitability of DDoS attacks to continue to grow," said Russ Madley, head of B2B at Kaspersky Lab UK. "As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses."

A separate study by DDoS mitigation outfit Imperva Incapsula reported that more advanced application layer DDoS attacks are becoming more commonplace. The number of attacks in Q4 reached an all-time high, with an average of 889 application layer assaults per week. One such attack lasted for more than 47 days. At the same time packet flood network flood attacks are increasing in volume. For example, Imperva Incapsula mitigated a massive 650Gbps network layer assault last December, the largest it has faced down to date.

Attack frequency, meanwhile, has scaled up. On average, 58.3 per cent of websites were targeted more than once, with 13.1 percent being targeted more than 10 times. China continued to be a dominating hub of botnet activity, with some 78.5 per cent of DDoS attacks worldwide originating from IPs in China. US sites featured as targets in more than half (56.7 per cent) of attacks. ®


Biting the hand that feeds IT © 1998–2017