Takedowns, Arrests No Deterrent to Growing DDoS-for-Hire AttacksTakedowns, Arrests No Deterrent to Growing DDoS-for-Hire Attacks
Many organizations are focused on ransomware instead of DDoS attacks.
August 27, 2020
The distributed denial of service (DDoS)-for-hire industry continues to flourish despite arrests and takedowns.
Takedowns and arrests are usually effective forms of control over criminal activity. They help remove known threats and send a clear message to criminal operators.
But these practices aren’t working with DDoS. The “booter and stresser” industry is complicated and profitable. Booter and stresser services increase the scale and frequency of DDoS attacks.
And dozens of other criminals will fill the void when one threat is removed.
DDoS-for-Hire Faces Few Consequences
Daniel Smith is Radware‘s head of security research. He said the most surprising finding is that takedowns and arrests are proving to be ineffective against DDoS-for-hire attacks. Cybercriminals know there’s very little consequence for launching an attack or even operating a service,.
Radware’s Daniel Smith
“It is still very easy and inexpensive to purchase an attack service,” Smith said.
Many organizations don’t see DDoS threats as critical; instead, they focus on a number of other threats like ransomware, Smith said.
“Many assume DDoS is no longer a big problem,” he said. “However, this not the case. We have seen a growth in attack vectors, techniques and record-sized DDoS attacks. If anything, the problem is only getting worse.”
Damages can range from simple and annoying service degradation to complete disconnection, Smith said.
“What matters is the target,” he said. “These services can be used to target simple household gamers and corporations, all the way up to MSSPs and service providers.
Cheap and Easy
Basic packages for DDoS-for-hire on the internet have remained relatively unchanged over the last five years. They still range between $10 and $20 per month.
Paying for the service normally grants you access to the attack panel for 30 days. That allows you to launch limited timed attacks that range between 300 and 3,600 seconds, according to the research.
“From this report, we see that such attacks are inexpensive and can easily take down networks,” Smith said. “When online connections are stopped or significantly slowed for even a few hours, employees’ work is disrupted, and customers or remote employees can’t connect, which ultimately impacts the operations, revenue and reputation of the organization.”
Motivated DDoS-for-hire attackers, over the last year, discovered not only new attack vectors, but also a new technique to evade or slow down detection, known as carpet bombing. This technique has become very common and requires little sophistication from the threat actor.
“It’s not just about protecting yourself,” Smith said. “It’s also about protecting other online businesses by keeping a clean house. When you update and patch your devices in a timely manner, or remove unnecessarily exposed devices from the internet, you help prevent future DDoS attacks overall.”
MSSPs Increasingly Targeted
The DDoS-for-hire market continues to evolve. As a result, MSSPs and other service providers will find themselves increasingly targeted by easy-to-launch, large-scale DDoS attacks.
“The recent increase in DDoS activity is particularly challenging for MSSPs and cybersecurity providers because typically downstream customers are the original targets,” Smith said. “Threat attackers are moving their attacks upstream, looking for points of weaknesses and bottlenecks as their capabilities and techniques grow.”
With remote work becoming the new standard and home internet connectivity at an all-time high, understanding the new threat landscape has become very important for both service providers and enterprise organizations, he said.
“While organizations can deploy their own automated DDoS defense, in this fast-changing climate many are looking to outsource this service to a MSSP or cybersecurity provider,” Smith said.
Read more about:Agents
About the Author(s)
You May Also Like
AWS re:Invent Partner, Vendor News: Cisco, Salesforce, MoreDec 01, 2023
People on the Move: Comcast, Cisco, NICE, TPx, Barracuda, MoreNov 29, 2023
AWS re:Invent 2023 Partner News: Marketplace, Salesforce, Certs, MoreNov 29, 2023
AWS re:Invent Expo: VMware, Snyk, HPE, More Showcase Cloud, Security, AINov 28, 2023