One of the main drivers in the popularity of distributed denial-of-service (DDoS) attacks among cybercriminals is the favorable cost-profit ratio.
Companies that are targeted by this type of extortion can expect to lose thousands, if not millions, of dollars, while the perpetrators of the attack can invest as little as $7 an hour to get the attacks off the ground.
Though the true cost typically depends on the length and severity of the attack, Kaspersky Lab recently revealed through its own research that prices of a DDoS attack can range from $5 for a 300-second attack to $400 for a 24-hour attack.
These amounts pale in comparison to what cybercriminals stand to gain when they hold a victim’s data or computer systems hostage.
“We expect the profitability of DDoS attacks to continue to grow throughout the year. As a result, we will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses,” Andrey Pozhogin, a cybersecurity expert at Kaspersky Lab North America, told PYMNTS.
One of the most significant factors that can impact the cost of a DDoS attack is the type of victim being targeted. Kaspersky’s research revealed that high-risk attacks, such as those on government websites and resources protected by dedicated anti-DDoS solutions, are typically more expensive to implement.
By contrast, low-risk attacks are much cheaper to set in motion.
“Worryingly, small and medium-sized businesses are not confident in their knowledge of how to combat these threats effectively,” Pozhogin explained.
For example, Kaspersky’s investigation uncovered a DDoS-as-a-service website that advertised an attack on an unprotected website at $50 to $100, while an attack on a protected site was significantly more expensive, at $400 or more.
Pozhogin shared that the longest DDoS attack in 2016 lasted 292 hours, or about 12 days. Unfortunately, for many online businesses, just being offline for even an hour can be more than they can afford, let alone for 292 hours, he added.
Knowing this, cybercriminals are primed and ready to take advantage of the weak defenses maintained by many unsuspecting victims.
“Cybercriminals are constantly on the lookout for new and cheaper ways of organizing botnets, as well as coming up with ever-more ingenious attack scenarios that security solutions will have difficulty dealing with,” Denis Makrushin, a security researcher at Kaspersky Lab, said in a press release detailing the research.
“That’s why, as long as there are vulnerable servers, computers and IoT devices connected to the internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency,” said Makrushin.
These cybercriminals have also become sophisticated enough to make even more money by demanding payment in return for not launching a DDoS attack or for calling off an ongoing attack.
In some cases, that ransom is the bitcoin equivalent of thousands of dollars, enabling the profitability of an attack to exceed 95 percent. Shockingly enough, sometimes those behind the blackmail don’t even have the necessary resources to carry out an attack — but the mere threat scares the victim enough to pay the ransom.
“With access to DDoS attack services readily available and affordable for cybercriminals, it’s important now more than ever for businesses to hire a professional for reliable protection.”