sb-as logo
Story image

It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT

24 Sep 2018

By NETSCOUT Arbor South Asia regional director Jason Hilling

There are an increasing number of independent providers of DDoS-attacks-as-a-Service.

Promoting their criminal services online, these DDoS developers can either sell attackers access to the tools to conduct their own attack, or they will launch the attack on the client’s behalf and provide detailed reports about their achievements.

There is a lot of competition in this market, so fees are shrinking rapidly while service offerings are expanding. 

As a result, the off the shelf DDoS business is very much a buyer’s market.

Often called “stressers” or “booters,” the price for these DDoS attack services vary significantly, as do estimates of the total impact of an attack for the target.

However, the monetisation of this services is simple: DDoS attacks are cheaper than ever for attackers, lucrative for the attack service provider and financially and operationally crippling for the victim.

The low cost and turnkey nature of attack services which require nothing to build or configure have democratised DDoS attacks.

A volume play

Individual DDoS attacks can now be launched for as little as US$5.

As such, attack service providers look to make their money on volume; explaining why a DDoS attack occurs every six seconds.

One such attacker was arrested by police in Croatia in April for his DDoS for hire service called Webstresser.org, which has been implicated in multiple attacks on banks.

The 19-year-old man they suspect is behind Webstresser.org allowed users to rent DDoS infrastructure to shut down or slow websites by flooding them with data.

To capitalise on increasingly lucrative opportunities to unleash DDoS attacks worldwide, more and more of these DDoS-for-hire providers resemble legitimate service provider infrastructures with significant computing power. 

They typically run their own botnets - vast networks of Internet-connected computers, machines and devices infected with malware that turns them into “bots,” or oblivious robotic accomplices, to launch DDoS attacks.

Perpetrators can rent the providers’ botnets by the hour, day or week, or in some cases can buy a specific number of bots outright.

The mechanics of transactions follow a classic web service model, meaning the perpetrator and the provider need never come into contact.

A variety of attack flavours 

Providers that conduct attacks-as-a-service boldly post their “menus” online with tiered pricing reflecting the many different flavours of attacks they offer.

Prices are based on several factors and can include the duration of the attack, defensive measures used by the target, the perceived value of the target, the country in which the attack takes place, or the different attack methodologies employed.

Increasingly, other criteria can apply, including attacks on government agencies and financial institutions, which can command a significant premium.

Incidentally, attack vendors charge a higher price for attacks on organisations they discover are using strong anti-DDoS protective measures.

One threat actor tracked by the NETSCOUT Arbor security engineering and response team (ASERT) offered $US60 daily and US$400 weekly pricing, as well as discounts on orders of US$500 or US$1,000.

ASERT’s research pegged the mean cost at US$66 per attack, compared to the potential cost to the victim of around US$500 per minute.

Paying a steep price 

For a large organisation, the cost of being attacked can be substantially higher. 

The consequences of DDoS attacks are severe and getting worse, according to NETSCOUT Arbor’s 13th annual Worldwide Infrastructure Security Report (WISR). 

The number of survey respondents reporting revenue loss as a business impact of DDoS attacks nearly doubled in 2017.

Those who reported the cost of internet downtime at US$501 to US$1,000 per minute increased by nearly 60%.

Around 10% of enterprises experienced an attack with an estimated cost greater than US$100,000, five times more than the previous year.

More than half of respondents experienced a financial impact between US$10,000 and US$100,000, almost twice as many as in 2016. 

And it’s not just lost revenue, as 57% cited damage to their reputation or brand as the primary business impact of an attack.

All of this points to the need to invest wisely when protecting against DDoS attacks.

A hybrid solution that combines on-premises and cloud-based protection is the industry best practice in DDoS defence and becoming more affordable with managed services and virtualised solutions.

With the attacker’s costs falling sharply and the target’s costs skyrocketing, the economics of DDoS attacks today clearly favour the attacker over the victim.

That is why DDoS attacks aren’t going away, and in fact, they are projected to rise at an extraordinary rate.

Story image
22 billion records exposed from breaches in 2020 — report
The research also found that 35% of the breaches recorded by Tenable were caused by ransomware attacks, while 14% of breaches stemmed from email compromises.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Cyberattacks on healthcare organisations "out of control" - Check Point
There has been a 45% increase in cyberattacks on healthcare organisations worldwide in the last two months, making healthcare the most targeted industry by cyber criminals.More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
PDI acquires Cybera and ControlScan MSS to protect against security threats
The acquisition complements PDI's existing industry-focused cloud product strategy, bringing customers a fully managed, cloud-based network security solution, the company states.More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More