Friday , 28 April 2017
Home » NEWS » THIS WEEK’S GURUS » In the DDoS-for-hire business, customer service matters
Duncan Hughes, Director of Systems Engineering EMEA, A10 Networks
In the DDoS-for-hire business, customer service matters

In the DDoS-for-hire business, customer service matters

You’re probably enrolled in an airline’s rewards programme, receiving points or miles to use toward free flights. The more you fly, the more points you get. It’s a way to recognise customer loyalty.

Every type of business wants to build a loyal customer base. Even the cyber criminals who run DDoS-for-hire services.

DDoS Loyalty Programs

As the DDoS-for-hire racket evolves, some such services have started offering repeat customers points and discounts toward future purchases. It’s a sort of DDoS loyalty programme, according to a new report by Kaspersky Labs that digs deeper into the DDoS-for-hire market and the cost of attacks.

“Some developers even offer bonus points for each attack conducted using their service. In other words, cybercriminals have their own loyalty and customer service programs,” the report notes, adding that most DDoS attacks are ordered through full-fledged Web services, which removes the need for direct contact between the two parties.

Customers use these Web services to register for an account, make payments, manage their balance and attack budget, access reports and more. Kaspersky compared them to Web services offered by legal services. In the DDoS-for-hire business, many of these Web services boast thousands to hundreds of thousands of registered users.

IoT-based Attacks Are Cheaper

According to the report, the cost of a DDoS attack fluctuates based on the target, the duration of the attack and the geographic location of the target. According to research, a DDoS attack can cost anywhere from £3 for a 300-second attack to £300 for 24 hours, and the average price for an attack is around £20 per hour.

The price of a DDoS attack also takes into consideration the attack’s generation and the source of attack traffic. For example, an attack leveraging a botnet made up of Internet of Things (IoT) devices costs less than an attack that uses a botnet made up of servers.

“At the same time, cybercriminals continue to actively seek new and cheaper ways to organise botnets,” the Kaspersky report states. “In this regard, the Internet of Things makes life easier for them. One of the current trends is the infection of IoT devices (CCTV cameras, DVR-systems, ‘smart’ household appliances, etc.) and their subsequent use in DDoS attacks. And while vulnerable IoT devices exist, cybercriminals are able to exploit them.”

Dawn of the DDoS of Things

The rise of DDoS-for-hire services comes on the heels of a spate of high-profile DDoS attacks that reached unprecedented volume, size and scope. For the first time on record, DDoS attacks have exceeded the 1 Tbps threshold, an upward swing that is expected to continue.

The Mirai malware is powering this tsunami of DDoS attacks, which takes advantage of unsecured IoT devices to build massive botnets and launch mammoth DDoS attacks. The uptick in DDoS activity has ushered in the DDoS of Things (DoT) era, where threat actors use unsecured IoT devices to build the botnets that drive colossal DDoS attacks.

According to our new DDoS of Things infographic, there are now roughly 3,700 DDoS attacks per day, and once a business is attacked there’s an 82 per cent chance they’ll be attacked again.

DDoS Defence

For service providers, enterprises and security-conscious businesses, it is necessary to implement DDoS protection solutions to detect, mitigate volumetric, multi-vector DDoS attacks at the network edge. This needs to be the first line of defence for network infrastructure to help helps prevent IoT-powered DDoS attacks and protect your business from the DDoS of Things.

About Dean Alvarez

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean's interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

You can reach Dean via email - dean@itsecurityguru.org