We have discussed several times about the concept of cybercrime-as-a-service, today I’ll show you a case related the offer for rent of distributed-denial-of-service (DDoS) attacks for less than US$60 per day.
According to Dennis Schwarz, Research Analyst on Arbor’s ASERT Team, a DDoS attack that costs US$60 per day could inflict as much as US$720,000 in damage to the victim organisation. Technically, these services are called booter or stresser services and could be sold as would-be legitimate tools for security professionals that need to test the resilience of their infrastructure to cyber attacks or their capacity to support a high-volume of traffic.
The problem is that criminal organisations are abusing booters for illegal DDoS attacks, one of the most popular examples is the one used by the LizardSquad hacking crew, the LizardStresser.
The popular security expert Brian Krebs and a research team discovered that the Lizard Stresser DDoS tool relies on compromised Home Routers, this is very common for such kind of illegal services.Schwarz examined one
Schwarz examined one booter service sold in the Russian underground a user with the pseudonym of Forceful. The researcher has compared the cost to rent per day with the average damage suffered by the victims.
Schwarz noticed numerous advertisements for a DDoS booter service on one of the many public Russian language forums, one of them was published by a bad actor known as “Forceful” who operated one of these services. Searching for ICQ number and/or Jabber address the experts discovered a number of advertisements starting from November 2014.
The ads typically contain:
Forceful charges $60 a day to rent the booter, meanwhile the cost on an entire week is $400, and anyway it offers a 10-minute test sessions to its clients.
“In this marketplace, it almost always starts with an advertisement for a DDoS booter service on one of the many public Russian language forums,” Schwarz says.
Thanks to a series of OPSEC mistakes made by Forceful, Schwarz and his team were able to identify the malware used by the threat actor and the structure of botnet he uses.
According to the Arbor Worldwide Infrastructure Security Report the average suffered by victims of the attack is US$500 per minute. The cost is attributable to downtime of the targeted infrastructure, reputational damage, and the price of remediation.
According to the data elaborated by the experts, a booter attack could cause US$7.2 million in damages a day, costs that could be drastically reduced by the adoption of DDoS defense solutions.
Schwarz highlighted the extreme asymmetry of the economics of DDoS attackers and urged organizations in adopting defensive solutions.
“As we see in Arbor’s most recent Worldwide Infrastructure Security Report (WISR), the average cost to the victim of a DDoS attack is around $500 per minute. And as we’ve seen above, the mean cost to the attacker is only $66 per attack. This finding highlights both the extreme asymmetry of the economics of DDoS attackers vs. those of the victims of DDoS attacks, as well as the importance of robust DDoS defenses to all organizations which depend upon their online presence for revenue, customer support, and other important business functions. The cost to launch a DDoS attack is so low that the barrier to entry for attackers is practically nil – and that means that *any* organization can potentially be the target of a DDoS attack, since the investment required to launch an attack is so low.”
According to Arbor Network’s BladeRunner, from July to October the Forceful’s booter bot was rented for 82 attacks equaling $5,408.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(Security Affairs – DDoS booter,cybercrime)