
It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT

24 Sep 2018

By NETSCOUT Arbor South Asia regional director Jason Hilling

There are an increasing number of independent providers of DDoS-attacks-as-a-Service.

Promoting their criminal services online, these DDoS developers can either sell attackers access to the tools to conduct their own attack, or they will launch the attack on the client’s behalf and provide detailed reports about their achievements.

There is a lot of competition in this market, so fees are shrinking rapidly while service offerings are expanding. 

As a result, the off-the-shelf DDoS business is very much a buyer’s market.

Often called “stressers” or “booters,” these DDoS attack services vary significantly in price, as do estimates of the total impact of an attack on the target.

However, the monetisation of these services is simple: DDoS attacks are cheaper than ever for attackers, lucrative for the attack service provider, and financially and operationally crippling for the victim.

The low cost and turnkey nature of attack services, which require nothing to build or configure, have democratised DDoS attacks.

A volume play

Individual DDoS attacks can now be launched for as little as US$5.

As such, attack service providers look to make their money on volume, which explains why a DDoS attack occurs every six seconds.

One such attacker was arrested by police in Croatia in April for his DDoS for hire service called, which has been implicated in multiple attacks on banks.

The 19-year-old man they suspect is behind allowed users to rent DDoS infrastructure to shut down or slow websites by flooding them with data.

To capitalise on increasingly lucrative opportunities to unleash DDoS attacks worldwide, more and more of these DDoS-for-hire providers resemble legitimate service provider infrastructures with significant computing power. 

They typically run their own botnets - vast networks of Internet-connected computers, machines and devices infected with malware that turns them into “bots,” or oblivious robotic accomplices, to launch DDoS attacks.

Perpetrators can rent the providers’ botnets by the hour, day or week, or in some cases can buy a specific number of bots outright.

The mechanics of transactions follow a classic web service model, meaning the perpetrator and the provider need never come into contact.

A variety of attack flavours 

Providers that conduct attacks-as-a-service boldly post their “menus” online with tiered pricing reflecting the many different flavours of attacks they offer.

Prices are based on several factors and can include the duration of the attack, defensive measures used by the target, the perceived value of the target, the country in which the attack takes place, or the different attack methodologies employed.

Increasingly, other criteria can apply, including attacks on government agencies and financial institutions, which can command a significant premium.

Incidentally, attack vendors charge a higher price for attacks on organisations they discover are using strong anti-DDoS protective measures.

One threat actor tracked by the NETSCOUT Arbor security engineering and response team (ASERT) offered US$60 daily and US$400 weekly pricing, as well as discounts on orders of US$500 or US$1,000.

ASERT’s research pegged the mean cost at US$66 per attack, compared to the potential cost to the victim of around US$500 per minute.

Paying a steep price 

For a large organisation, the cost of being attacked can be substantially higher. 

The consequences of DDoS attacks are severe and getting worse, according to NETSCOUT Arbor’s 13th annual Worldwide Infrastructure Security Report (WISR). 

The number of survey respondents reporting revenue loss as a business impact of DDoS attacks nearly doubled in 2017.

Those who reported the cost of internet downtime at US$501 to US$1,000 per minute increased by nearly 60%.

Around 10% of enterprises experienced an attack with an estimated cost greater than US$100,000, five times more than the previous year.

More than half of respondents experienced a financial impact between US$10,000 and US$100,000, almost twice as many as in 2016. 

And it’s not just lost revenue, as 57% cited damage to their reputation or brand as the primary business impact of an attack.

All of this points to the need to invest wisely when protecting against DDoS attacks.

A hybrid solution that combines on-premises and cloud-based protection is the industry best practice in DDoS defence, and it is becoming more affordable with managed services and virtualised solutions.

With the attacker’s costs falling sharply and the target’s costs skyrocketing, the economics of DDoS attacks today clearly favour the attacker over the victim.

That is why DDoS attacks aren’t going away, and in fact, they are projected to rise at an extraordinary rate.
