DDoS-as-a-service is growing in popularity and so are the funds in the pockets of the cybercriminals

Mar 27, 2017 00:03 GMT

Cyber criminals offering DDoS-as-a-service have a profit margin of up to 95%, indicating why such services have become so widespread on the dark net.

According to Kaspersky Lab experts, DDoS services are widely offered on the black market, and the criminals who arrange such attacks find them quite profitable.

Setting up an attack can cost as little as $7 an hour, while the targeted company can lose anywhere from thousands of dollars to millions, depending on the length of the attack and the damage done.

People offering these attacks have set up a whole business. They offer those in need a site where customers can register, select the service they need, pay for it, and then receive a report about the attacks. As Kaspersky's experts point out, there are even customer loyalty programs available for those who want a repeat experience.

Of course, the final price of an attack can vary a lot, as it depends on many variables. For instance, it matters what type of attack is used, the source, the length of the attack and the client's location. It seems that DDoS attacks on English-language websites are more expensive than attacks on Russian-language sites.

"Another big factor affecting the cost is the type of victim. Attacks on government websites and resources protected by dedicated anti-DDoS solutions are much more expensive, as the former are high risk, while the latter are more difficult to attack," Kaspersky points out.

For instance, one website offering DDoS-as-a-service charges between $50 and $100 for unprotected websites, and $400 or more for protected sites.

"It means a DDoS attack can cost anything from $5 for a 300-second attack, to $400 for 24 hours. The average price for an attack is around $25 per hour. Kaspersky Lab's experts were also able to calculate that an attack using a cloud-based botnet of 1000 desktops is likely to cost the providers about $7 per hour. That means the cybercriminals organizing DDoS attacks are making a profit of around $18 per hour," the report reads.

An alternative source

It seems that cybercriminals are making money from all sides, though. Another scenario highlighted by Kaspersky sees attackers demanding a ransom from a target in return for not launching a DDoS attack, or for calling off an ongoing one. With criminals demanding thousands of dollars in Bitcoin, it shows there is more than one way to profit from this business.

"Cybercriminals are constantly on the lookout for new and cheaper ways of organizing botnets, as well as coming up with ever more ingenious attack scenarios that security solutions will have difficulty dealing with. That's why, as long as there are vulnerable servers, computers and IoT devices connected to the Internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency," said Denis Makrushin, security researcher at Kaspersky Lab.