New study on the profit and loss of DDoS attacks

Cyber criminals, just like channel partners, deal with profit and loss. Now that it has been established that there is a serious organized criminal element behind security hacks, Kaspersky Lab has funded a new research effort to determine the real costs and potential profits of DDoS attacks for black market sources.

The research found that getting into hacking does not require a huge capital outlay. For example, arranging a DDoS attack can cost as little as $7 an hour. A valet attendant at a shopping mall gets that. The potential profit from that minimal investment averages about $25 per hour.

For a 300-second attack it can cost a crook $5, but if the individual is willing to spend $400 it can produce a 24-hour long attack.

But just like any other business venture there is risk. According to the Kaspersky research study, the type of victim may increase the cost of the attack. Government Web sites have anti-DDoS protection so those attacks cost more and come with significantly higher risk to the hacker. For instance, on one DDoS-as-a-service website, the cost of an attack on an unprotected website ranges from $50 to $100, while an attack on a protected site costs $400 or more.

Ransomware is a big trend in security these days, and demands for a ransom in return for a promise not to launch a DDoS attack run to the equivalent of thousands of dollars in bitcoin.

Kaspersky Lab’s experts were also able to calculate that an attack using a cloud-based botnet of 1,000 desktops is likely to cost the providers about $7 per hour. That means the cyber criminals organizing DDoS attacks are making a profit of around $18 per hour.

The level of service involved when arranging a DDoS attack on the black market is not very different from that of a legal business. The only difference is that there is no direct contact between the provider and the customer. The ‘service providers’ offer a convenient site where customers, after registering, can select the service they need, pay for it, and receive a report about the attacks. In some cases, there is even a customer loyalty program, with clients receiving rewards or bonus points for each attack.

Several factors can affect the cost of a DDoS attack to the customer. One factor is the type of attack and its source. For example, a botnet made up of popular Internet of Things (IoT) devices is cheaper than a botnet of servers. However, not all those providing attack services are ready to specify such details. Another factor is the duration of the attack (measured in seconds, hours and days), and the client’s location. DDoS attacks on English-language Web sites, for example, are usually more expensive than similar attacks on Russian-language sites.

However, another scenario that can allow cyber criminals to make even more money is when the attackers demand a ransom from a target in return for not launching a DDoS attack, or for calling off an ongoing attack. The ransom can be the bitcoin equivalent of thousands of dollars, meaning the profitability of a single attack can exceed 95 per cent. In fact, those carrying out the blackmail do not even need to have the resources to launch an attack; sometimes the mere threat is enough.

Denis Makrushin, a security researcher at Kaspersky, said cyber criminals are constantly on the lookout for new and cheaper ways of organizing botnets, as well as coming up with ever more ingenious attack scenarios that security solutions will have difficulty dealing with.

“That’s why, if there are vulnerable servers, computers and IoT devices connected to the internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency,” he said.