Arranging a black market DDoS attack can cost as little as $7 per hour
- Arranging a DDoS attack through the black market can cost between $5 for a 300-second attack to $400 for a 24-hour attack, according to research released Thursday by Kaspersky Lab. The average cost to arrange a DDoS attack via the black market is about $25 an hour.
- The cost varies based on factors such as length of the attack, intended target and source. For example, an attack using a cloud-based botnet of 1,000 desktops costs providers about $7 per hour, while attacks on government websites or companies guarded by anti-DDoS solutions can cost $400 or more.
- A botnet made up of popular IoT devices is cheaper than a botnet of servers, according to Kaspersky. "That’s why, as long as there are vulnerable servers, computers and IoT devices connected to the internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency," said Denis Makrushin, security researcher at Kaspersky Lab.
It’s a tough business opportunity for nefarious actors to pass up. Cybercriminals launching DDoS attacks average a profit of around $18 per hour, Kaspersky found, while the company targeted can lose thousands — or even millions — of dollars. Ironically, Kaspersky also found black market businesses generally offer good service and act much like legitimate businesses, except for the fact that you can’t actually speak with a customer service rep.
With the relatively cheap price of DDoS attacks, it is understandable why they have becomes so prevalent. The use of botnets to launch DDoS attacks have made such attacks bigger and more lethal, so much so that the Department of Homeland Security recently announced it is dedicating time and money to address the issue.
Security experts predict DDoS attacks will continue to grow and cause businesses more damage. Last year, the internet witnessed the largest DDoS attacks on record. Radware predicts that the cybersecurity sector is entering the "1TBps DDoS era" where attacks will continue to become more sophisticated and damaging, and that means lost revenue and productivity.