
It’s an active buyer’s market for DDoS-as-a-Service - NETSCOUT

24 Sep 2018

By NETSCOUT Arbor South Asia regional director Jason Hilling

There are an increasing number of independent providers of DDoS-attacks-as-a-Service.

Promoting their criminal services online, these DDoS developers can either sell attackers access to the tools to conduct their own attack, or they will launch the attack on the client’s behalf and provide detailed reports about their achievements.

There is a lot of competition in this market, so fees are shrinking rapidly while service offerings are expanding. 

As a result, the off-the-shelf DDoS business is very much a buyer’s market.

Often called “stressers” or “booters,” these DDoS attack services vary significantly in price, as do estimates of the total impact of an attack on the target.

However, the monetisation of these services is simple: DDoS attacks are cheaper than ever for attackers, lucrative for the attack service provider, and financially and operationally crippling for the victim.

The low cost and turnkey nature of attack services which require nothing to build or configure have democratised DDoS attacks.

A volume play

Individual DDoS attacks can now be launched for as little as US$5.

As such, attack service providers look to make their money on volume, which explains why a DDoS attack occurs every six seconds.

One such attacker was arrested by police in Croatia in April for his DDoS-for-hire service called Webstresser.org, which has been implicated in multiple attacks on banks.

The 19-year-old man they suspect is behind Webstresser.org allowed users to rent DDoS infrastructure to shut down or slow websites by flooding them with data.

To capitalise on increasingly lucrative opportunities to unleash DDoS attacks worldwide, more and more of these DDoS-for-hire providers resemble legitimate service provider infrastructures with significant computing power. 

They typically run their own botnets - vast networks of Internet-connected computers, machines and devices infected with malware that turns them into “bots,” or oblivious robotic accomplices, to launch DDoS attacks.

Perpetrators can rent the providers’ botnets by the hour, day or week, or in some cases can buy a specific number of bots outright.

The mechanics of transactions follow a classic web service model, meaning the perpetrator and the provider need never come into contact.

A variety of attack flavours 

Providers that conduct attacks-as-a-service boldly post their “menus” online with tiered pricing reflecting the many different flavours of attacks they offer.

Prices are based on several factors and can include the duration of the attack, defensive measures used by the target, the perceived value of the target, the country in which the attack takes place, or the different attack methodologies employed.

Increasingly, other criteria can apply, including attacks on government agencies and financial institutions, which can command a significant premium.

Incidentally, attack vendors charge a higher price for attacks on organisations they discover are using strong anti-DDoS protective measures.

One threat actor tracked by the NETSCOUT Arbor security engineering and response team (ASERT) offered US$60 daily and US$400 weekly pricing, as well as discounts on orders of US$500 or US$1,000.

ASERT’s research pegged the mean cost at US$66 per attack, compared to the potential cost to the victim of around US$500 per minute.

Paying a steep price 

For a large organisation, the cost of being attacked can be substantially higher. 

The consequences of DDoS attacks are severe and getting worse, according to NETSCOUT Arbor’s 13th annual Worldwide Infrastructure Security Report (WISR). 

The number of survey respondents reporting revenue loss as a business impact of DDoS attacks nearly doubled in 2017.

Those who reported the cost of internet downtime at US$501 to US$1,000 per minute increased by nearly 60%.

Around 10% of enterprises experienced an attack with an estimated cost greater than US$100,000, five times more than the previous year.

More than half of respondents experienced a financial impact between US$10,000 and US$100,000, almost twice as many as in 2016. 

And it’s not just lost revenue, as 57% cited damage to their reputation or brand as the primary business impact of an attack.

All of this points to the need to invest wisely when protecting against DDoS attacks.

A hybrid solution that combines on-premises and cloud-based protection is the industry best practice in DDoS defence and becoming more affordable with managed services and virtualised solutions.

With the attacker’s costs falling sharply and the target’s costs skyrocketing, the economics of DDoS attacks today clearly favour the attacker over the victim.

That is why DDoS attacks aren’t going away, and in fact, they are projected to rise at an extraordinary rate.
