The New Face of DDoS-For-Hire Services

For years, the rise of DDoS-for-hire services has caused an explosion of DDoS attacks. Due to their cheap price point and ease of access, they have revolutionised DDoS attacks by giving anyone and everyone access to a tactic that was once the preserve of ‘script kiddies’ with a decent understanding of coding. Nowadays, a quick search of Google and a spare $50 can put DDoS attacks into the hands of just about anyone.

Like any business owners, the attackers behind these services are always looking for new ways to promote them to potential buyers. For example, last week news surfaced about a mobile version of the attack-for-hire service that has gone up for sale on the Google Play store. This service is an update to an already formidable web version, called Ragebooter, which back in 2013 offered powerful distributed denial-of-service attacks capable of knocking individuals and websites offline. So, what does this new service mean for businesses and what are the potential consequences from it?

DDoS-For-Hire Services Are Evolving

The rise of DDoS-for-hire services comes at a time when DDoS attacks are becoming more sophisticated than ever. As these services evolve they have also become more commercial, by offering discounts and loyalty points and now launching a mobile platform to simplify the user journey. The cost of attacks has never been lower, with one DDoS service advertised on a Russian public forum offering attacks from as little as $50 per day. However, Kaspersky believes the average cost is more like $25 per hour, with cyber criminals making a profit of about $18 for every hour of an attack.

By offering such a low-cost, shared DDoS attack infrastructure, these services have attracted thousands of malicious customers and are responsible for hundreds of thousands of attacks per year. At the same time, criminals continue to seek new and cheaper ways to organise botnets for use in DDoS-for-hire attacks, so the plethora of unsecured connected devices that make up the Internet of Things continues to make life easier for them.

But while the cost of launching an attack has reduced so significantly, the costs incurred by the victims for lost revenue and reputation are significant. One can only imagine how many customers an online store could lose if an DDoS attack takes its website offline for an entire day’s trading.

Best Practices

All this makes for an extremely concerning future DDoS attack landscape. With DDoS-for-hire services evolving so quickly, and the capacity for future botnet-driven DDoS attacks growing incrementally, organizations must stay ahead of the game and take steps to ensure they remain protected. The best way for organizations to mitigate those attacks is to work together with internet providers to adopt the latest generation of inline, always on, DDoS protection.

To find out more, please contact us.