DDoS-as-a-service providers offer customer loyalty programmes

Ever wondered how lucrative the cyber crime business is? According to new research from Kaspersky Lab, criminals can make as much as £14 per hour from distributed denial-of-service (DDoS) attacks. That’s a better hourly rate than your average police officer or blog writer.

Kaspersky Lab found that DDoS-as-a-service attacks typically retail at $25 per hour (approximately £20), while an attack using a botnet of 1,000 workstations can cost $7 per hour (approximately £5.60). Prices are scaled according to a number of factors that clients can customise through options on the criminals’ black market websites.

The sites’ functionality “looks similar to that offered by legal services”, and customers can view customisable payment plans, get reports on work done or utilise additional services.

In some cases, there is even a customer loyalty programme, with clients receiving rewards or bonus points for each attack.

Customised attacks

DDoS-as-a-service websites outline different features and types of attacks that clients can opt for. Clients can choose:

  • The target. There are any number of reasons someone might seek out a DDoS attack – although some of the most common are to damage competitors, as an act of revenge, or to create a distraction from another attack on the victim. Because of that, anybody could be a target. DDoS-as-a-service providers base the price of an attack on the reputation of the target and the strength of its anti-DDoS protection.
  • The attack source and its characteristics. Cameras and other Internet of Things (IoT) devices are typically less important to a company’s operation than its servers – but they are also less secure. As Kaspersky Lab writes, it is cheaper to maintain a botnet of 1,000 surveillance cameras and IoT devices than 100 servers.
  • Attack scenario. Clients can choose how and when attacks take place, or opt for atypical DDoS attacks. This may be a request to alternate between different methods of DDoS attacks within a short period of time or to implement several methods simultaneously.

The retail price of a DDoS attack will also differ depending on where the client lives. For example, a DDoS attack will cost US customers more than a similar offer in Russia.

DDoS ransoms

There is also evidence of DDoS-as-a-service providers demanding ransoms from targets in return for either not launching an attack or calling off an ongoing attack.

As with ransomware attacks, criminals can demand thousands of pounds’ worth of Bitcoin. More extraordinary, though, is that while the ransom in ransomware attacks is to return information or hijacked devices to operation, the DDoS extortionist not only doesn’t need to have actually done anything yet – they don’t even need to prove that they are capable of launching an attack.

Victim companies are now aware enough of the damage that can be inflicted by an attack that the mere threat of one can be enough to extort them. Meanwhile, the attackers are taking home a solid percentage of the ransom – alongside the fees from clients – without having to spend the time planning and undertaking attacks.
