DDoS-for-hire attacks cost less than a used car

A few thousand dollars can buy threat actors a 150,000-strong botnet with 1 Tbps attack size.

A recent report shows that threat actors increasingly use distributed denial-of-service (DDoS) as a complementary tool to intimidate victims.

Ransomware gangs are keen adopters of the technique, developing a multi-vector threat, often used against victims refusing to pay.

Ransomware-as-a-Service (RaaS) affiliates can supplement their illicit activities with DDoS attacks mainly because of cybercrime's developed ecosystem.

A recent report by Netscout shows that unleashing a swarm of bots on a victim costs a lot less than it might seem. Most DDoS-for-hire vendors even offer free trials to test basic attacks before ordering the real thing.

Netscout's researchers analyzed 19 DDos-for-hire groups that claim to have successfully launched over 10 million attacks in total.

Many service providers often offer flexible payment plans based on the attack configuration, duration, and power measured in bandwidth and throughput.

Some offer free tests, while others charge a nominal fee of $5 over a five-day trial. A full attack that includes 100 concurrent attacks, no daily limits, and a committed 1 million packets per second (Mpps) cost a mere $6,500.

One DDoS-for-hire service provider claims to offer a 1 Tbps attack size using 150,000 bots for $2,499. Report's authors note, however, they are yet to observe such an attack range actually developed by the group in real life.

The comparatively low price of buying a DDoS attack might be why ransomware gangs started targeting Voice over Internet Protocol (VoIP) providers with an estimated revenue loss of up to $12 million.

Ransomware gangs including REvil, BlackCat, AvosLocker, and Suncrypt were all observed using DDoS to extort victims last year.

According to the report, much like RaaS affiliates, DDoS attackers started targeting the specific sector.

Software publishers saw a staggering 606% increase in DDoS attacks, with Insurance agencies (257%) and Computer storage manufacturers (263%) witnessing a significant uptick in attacks as well.

According to Netscout's report, the total number of attacks last year stood at 9.7 million, with 5.4 in the first half of the year and 4.4 million in the second.

More from Cybernews:

Threat actors hijack outdated WordPress sites

Kaspersky deemed a 'threat' to US national security

‘ContiCo’ means business, warns report on gang data leaks

EU establishes strict regulations for US tech giants amid their growing influence on the market

Russia behind a satellite broadband service hack - media

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked