33 F
Washington D.C.
Wednesday, December 8, 2021
spot_img

Kaspersky Lab Research Reveals Cost, Profitability of Arranging DDoS Attack

Kaspersky Lab Thursday revealed that its research of DDoS services available on the black market — and just how far the illegal business has advanced — determines the cost and profitability of arranging a DDoS attack using criminal DDoS services.

Kaspersky Lab said its “experts have studied the DDoS services available on the black market … as well as the extent of its popularity and profitability. The research shows that arranging a DDoS attack can cost as little as $7 an hour, while the company targeted by the attack can end up losing thousands, if not millions of dollars in the process.”

“Cybercriminals are constantly on the lookout for new and cheaper ways of organizing botnets, as well as coming up with ever more ingenious attack scenarios that security solutions will have difficulty dealing with,” said Denis Makrushin, security researcher at Kaspersky Lab. “That’s why, as long as there are vulnerable servers, computers and IoT devices connected to the Internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency.”

Specifically, Kaspersky said its cyber experts discovered the following attack trends:

  • Arranging a DDoS attack can cost as little as $7 an hour (profiting around $18 an hour) – on average $25 per hour – while the company targeted by the attack can end up losing thousands, if not millions of dollars in the process.
  • Cost typically depends on the length of the attack. DDoS attacks can cost anywhere from $5 for a 300-second attack to $400 for a 24-hour attack.
  • A big factor affecting the cost is the type of victim. Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, as the former are high risk, while the latter are more difficult to attack.
  • Demands for ransom in return to not launch a DDoS attack, or calling off an ongoing attack can be the bitcoin equivalent of thousands of dollars, and some don’t even have the resources to launch an attack – the mere threat scares the victim enough to pay the ransom.
  • Kaspersky Lab’s experts were also able to calculate that an attack using a cloud-based botnet of 1,000 desktops is likely to cost the providers about $7 per hour, which means the cybercriminals organizing DDoS attacks are making a profit of around $18 per hour.

“Another big factor affecting the cost is the type of victim,” the company said. “Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, as the former are high risk, while the latter are more difficult to attack. For instance, on one DDoS-as-a-service website, the cost of an attack on an unprotected website ranges from $50 to $100, while an attack on a protected site costs $400 or more.”

“However, another scenario that can allow cybercriminals to make even more money is when the attackers demand a ransom from a target in return for not launching a DDoS attack, or to call off an ongoing attack,” Kaspersky said, noting, “The ransom can be the bitcoin equivalent of thousands of dollars, meaning the profitability of a single attack can exceed 95 percent. In fact, those carrying out the blackmail do not even need to have the resources to launch an attack – sometimes the mere threat is enough.”

“The level of service involved when arranging a DDoS attack on the black market is not very different from that of a legal business,” Kaspersky said, noting, “The only difference is that there is no direct contact between the provider and the customer. The ‘service providers’ offer a convenient site where customers, after registering, can select the service they need, pay for it, and receive a report about the attacks. In some cases, there is even a customer loyalty program, with clients receiving rewards or bonus points for each attack.”

Kaspersky concluded, saying, “Several factors can affect the cost of a DDoS attack to the customer. One factor is the type of attack and its source. For example, a botnet made up of popular IoT devices is cheaper than a botnet of servers. However, not all those providing attack services are ready to specify such details. Another factor is the duration of the attack (measured in seconds, hours and days), and the client’s location. DDoS attacks on English-language websites, for example, are usually more expensive than similar attacks on Russian-language sites.”
 
 
 

Single Post Template - Magazine PRO Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

STAY CONNECTED

- Advertisement -
Single Post Template - Magazine PRO Homeland Security Today

Latest Articles