Research by Kaspersky has revealed that arranging a DDoS attack can cost a hacker just $7 an hour, with a profit margin of around 95% - plus they sometimes get loyalty points.
The research firm investigated how hackers carry out a distributed-denial-of-service attack, revealing that it's as easy as 'customers' paying a 'service provider' a registration fee to kick one off. When they have completed the registration process, they receive a report about the attacks and sometimes even loyalty points for each attack they take part in.
Hackers charge their 'customers' varying amounts for DDoS as a service, dependent on factors such as the type of attack (an IoT-based botnet is cheaper than a server botnet), length of the attack, and the location of the target. The type of the victim will also have a bearing on how much it costs.
Hackers make a profit of around $18 an hour for each attack they launch, although that's radically increased if the criminal opts to use a ransomware attack rather than DDoS.
"We expect the profitability of DDoS attacks to continue to grow," Russ Madley, head of B2B at Kaspersky Lab said. "As a result, [we] will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses."
"Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively," Madley added. "The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab's research, or about 12 days. Most online businesses can ill-afford to have their doors closed' for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences."
There's no doubt that DDoS attacks and other cybercrimes are making hackers lots of money, especially when companies come under fire repeatedly.
"Companies that host these online sites are also under attack on a daily basis," Madley said. "The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks."
-
UK crime fighters wrangle “several thousand” potential cyber criminals in DDoS-for-hire honeypotNews The sting follows a recent crackdown on DDoS-for-hire services globally
-
US begins seizure of 48 DDoS-for-hire services following global investigationNews Six people have been arrested who allegedly oversaw computer attacks launched using booters
-
Will triple extortion ransomware truly take off?In-depth Operators are now launching attacks with three extortion layers, but there are limitations to this model
-
GoDaddy web hosting reviewReviews GoDaddy web hosting is backed by competitive prices and a beginner-friendly dashboard, and while popular, beware of hidden prices
-
Japan investigates potential Russian Killnet cyber attacksNews The hacker group has said it’s revolting against the country’s militarism and that it’s “kicking the samurai”
-
LockBit hacking group to be 'more aggressive' after falling victim to large-scale DDoS attackNews The ransomware group is currently embroiled in a battle after it leaked data belonging to cyber security company Entrust
-
Record for the largest ever HTTPS DDoS attack smashed once againNews The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS
-
Cloudflare mitigates biggest ever HTTPS DDoS attackNews A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries
