Privacy News Kaspersky: Criminals Make 95% Profit on DDoS

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Ordering a DDoS attack has become as easy as ordering the latest bestseller from Amazon—and can offer incredible return on investment for the attacker.

According to Kaspersky Lab, DDoS-for-hire services are generally self-service, eliminating the need for direct contact between the organizer and the customer. Customers can make payments, get reports on work done and so on, all online. In fact, Kaspersky said that the order page “looks more like the web page of an IT startup than a cybercriminal operation.”

“These web services are fully functional web applications that allow registered customers to manage their balance and plan their DDoS attack budget,” the firm said in a blog posting. “Some developers even offer bonus points for each attack conducted using their service. In other words, cybercriminals have their own loyalty and customer service programs.”

But lowering the barrier to entry doesn’t stop there—it’s also incredibly cheap to carry attacks out these days. One DDoS service advertised on a Russian public forum offers attacks from $50 per day, for instance.

Kaspersky did a review of the Dark Web to find out the going rate for DDoS as-a-service, and found the average to be slightly higher than the example above—attacks typically cost $25 per hour, with the cyber-criminals making a profit of about $18 for every hour of an attack.

The security specialist also found that organizers of DDoS services generally offer customers a tariff plan in which the buyer pays a per-second rental price for botnet capacity. For example, a DDoS attack of 300 seconds using a botnet with a total bandwidth of 125Gbps will cost about between $5 and $6.

As for profitability, it should be noted that DDoS attacks and, in particular, ransomware DDoS have already turned into a high-margin business. “The profitability of one attack can exceed 95%,” the firm noted. “And the fact that the owners of online sites are often willing to pay a ransom without even checking whether the attackers can actually carry out an attack (something that other fraudsters have already picked up on) adds even more fuel to the fire. All the above suggests that the average cost of DDoS attacks in the near future will only fall, while their frequency will increase.”

Of course, the actual cost of any one service depends on a few variables. Those include the target—government victims cost more to attack than, say, an online store, and some countries cost more to attack than others—as well as the type of attack requested. Atypical attacks that ask the botnet owner to alternate between different methods of DDoS attacks within a short period of time or implement several methods simultaneously can increase costs.

The rate also depends on the anti-DDoS protection the potential victim has. “If the target uses traffic filtering systems to protect its resources, the cyber-criminals have to come up with ways of bypassing them to ensure an effective attack, and this also means an increase in the price,” Kaspersky explained. In one case, “cyber-criminals were asking for $400 per day to attack a site/server that uses anti-DDoS protection, which is four times more expensive than an attack on an unprotected site.”

Also, the cheaper it is for a criminal to maintain a botnet (defined, for example, by the average cost of infecting a device and including it in a botnet), the more likely they are to ask for bargain-basement prices for their services. For example, a botnet of 1,000 surveillance cameras may be cheaper than a botnet of 100 servers, simply because cameras and other IoT devices are less secure and take less effort to compromise.

As for mitigation, Ben Herzberg, security group research manager for the Incapsula product line at Imperva, offered us the following advice: “In a nutshell, though the organization needs to map their assets, understand what sort of risks they’re facing on the different assets (for example: websites, third-party services, VPNs, etc.), and set a process which will minimize those risks—in most cases by taking a DDoS mitigation service to protect the organization.”

He added, “The best way for organizations to mitigate DDoS attacks is as far away from their network as possible, such as in the cloud, before it even reaches the organization’s ISP. With the vast increase of IoT devices, allowing cheap attacks like the ones stated in the Kaspersky research, attackers may send enormous amounts of traffic and packets, which may easily exhaust the organization’s pipeline.”
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
The reasons why cyber-criminals are launching DDoS attacks is obvious: they are paid to do so.What is less clear is what are the motivations of those who purchase this type of service: leaving aside those who use DDoS attacks for fun (more numerous than you may think) and those who, instead, makes gestures of hacktivism (by compromising the websites of banks, government institutions or similar), a growing part of these attacks, instead, has the purpose of put ko, at least temporarily, rival services, for example, an e-commerce website specialising in the same products.
 

soccer97

Level 11
Verified
May 22, 2014
517
The cost to the end user (victim) is huge in terms of server load and balancing, bandwidth fees, downtime and backups. Even with DDOS protection - there comes a point.

Sad it has come to this.
 

Dean Winchestere

Level 2
Verified
Mar 9, 2017
50
Are there any paid services that will DDOS Trump's twitter feed? I would surely be happy to spend some bitcoin!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top