Takedowns, Arrests No Deterrent to Growing DDoS-for-Hire AttacksTakedowns, Arrests No Deterrent to Growing DDoS-for-Hire Attacks

The distributed denial of service (DDoS)-for-hire industry continues to flourish despite arrests and takedowns.

That’s according to Radware‘s latest threat alert. A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system. It usually involves one or more web servers.

Takedowns and arrests are usually effective forms of control over criminal activity. They help remove known threats and send a clear message to criminal operators.

But these practices aren’t working with DDoS. The “booter and stresser” industry is complicated and profitable. Booter and stresser services increase the scale and frequency of DDoS attacks.

And dozens of other criminals will fill the void when one threat is removed.

DDoS-for-Hire Faces Few Consequences

Daniel Smith is Radware‘s head of security research. He said the most surprising finding is that takedowns and arrests are proving to be ineffective against DDoS-for-hire attacks. Cybercriminals know there’s very little consequence for launching an attack or even operating a service,.

Radware’s Daniel Smith

“It is still very easy and inexpensive to purchase an attack service,” Smith said.

Many organizations don’t see DDoS threats as critical; instead, they focus on a number of other threats like ransomware, Smith said.

“Many assume DDoS is no longer a big problem,” he said. “However, this not the case. We have seen a growth in attack vectors, techniques and record-sized DDoS attacks. If anything, the problem is only getting worse.”

Damages can range from simple and annoying service degradation to complete disconnection, Smith said.

“What matters is the target,” he said. “These services can be used to target simple household gamers and corporations, all the way up to MSSPs and service providers.

Cheap and Easy

Basic packages for DDoS-for-hire on the internet have remained relatively unchanged over the last five years. They still range between $10 and $20 per month.

Paying for the service normally grants you access to the attack panel for 30 days. That allows you to launch limited timed attacks that range between 300 and 3,600 seconds, according to the research.

“From this report, we see that such attacks are inexpensive and can easily take down networks,” Smith said. “When online connections are stopped or significantly slowed for even a few hours, employees’ work is disrupted, and customers or remote employees can’t connect, which ultimately impacts the operations, revenue and reputation of the organization.”

Motivated DDoS-for-hire attackers, over the last year, discovered not only new attack vectors, but also a new technique to evade or slow down detection, known as carpet bombing. This technique has become very common and requires little sophistication from the threat actor.

“It’s not just about protecting yourself,” Smith said. “It’s also about protecting other online businesses by keeping a clean house. When you update and patch your devices in a timely manner, or remove unnecessarily exposed devices from the internet, you help prevent future DDoS attacks overall.”

MSSPs Increasingly Targeted

The DDoS-for-hire market continues to evolve. As a result, MSSPs and other service providers will find themselves increasingly targeted by easy-to-launch, large-scale DDoS attacks.

“The recent increase in DDoS activity is particularly challenging for MSSPs and cybersecurity providers because typically downstream customers are the original targets,” Smith said. “Threat attackers are moving their attacks upstream, looking for points of weaknesses and bottlenecks as their capabilities and techniques grow.”

With remote work becoming the new standard and home internet connectivity at an all-time high, understanding the new threat landscape has become very important for both service providers and enterprise organizations, he said.

“While organizations can deploy their own automated DDoS defense, in this fast-changing climate many are looking to outsource this service to a MSSP or cybersecurity provider,” Smith said.