Incapsula revealed in its annual Report of DDoS Threat-Landscape that there are two main offender archetypes responsible for the DDoS perpetrators, first being none other than professional criminals online, and so call booters (also known as stressers) being the second. In simple words, Booters mean providers of botnet-for-hire service online – and they are in large numbers now on the deep market.
DDos-for-hire costs only about $38 an hour on average, you can consider it more like smashing a whole elephant with an ant – considering the cost and size of damage it can do to the victim. No surprise, almost 40% network-layered attacks among all that happen are backed by these botnets. These attacks are subscription based, just like any other typical service being offered online, and anybody can launch several DDoS attacks on their target for just a dozens of dollars each month.
Now, this surely can be played out in a way that we can’t expect. Let’s take the 17 year old Idaho teen case where an attack on the state’s largest school (where teen studied, too) was launched. The attack continued for more than a week and of course, caused terrible issues to the concerning folks. The students working on school’s standard achievement tests, lost their work completely, it also prevented teachers to get paid as the payroll system was blocked.
As being mentioned above, taking such attack’s technique into consideration, these attacks are short-lived, but that pretty much suggest the impact of DDoS-for-hire attacks if continued. Yet, it’s been reported that over 20% of network-layer attacks taking place online last for up to five days.
Incapsula noted, “On one hand we observed long, complex, multiphase assaults that resemble advanced persistent threats (APT)”.
“These employ different methods and can last days, weeks and even months at time. On the other hand, we also noted a preponderance of rudimentary single-vector attacks usually lasting no longer than 30 minutes.” he added.
Large scale attacks aren’t that much common, and 253 Gbps was the biggest network attack being mitigated by Incapsula all through this last quarter. The report found that more than 56% among all of the network layer threats are driven by UDP flood attacks. Interesting, 8% our of these are SSDP-DDoS attacks that get launched from IOT (Internet of Things) devices.
Another interesting thing worth noting here is, the use of search engine impersonator-bots has been abandoned by the botnet operators. It declined from 57% according to figures from year 2014 to only 0.9% currently.
The report also suggests that attackers tend to hit back again and again onto the victims, and normally, an attack is launched again after 2 months. In almost 30% of the cases, the targets are hit even once every week. Overall, what we can learn from the research is the great threat that DDoS events are posing to the online businesses. Don’t go far, only an hour of downtime can be enough to stress out a working business we believe.
Incapsula noted, “The real-world cost of an unmitigated attack is $40,000 per hour”. Adding further, “Implications reach far beyond lost revenues to include loss of consumer trust, data theft, intellectual property loss, and more.
Today, with a substantial percentage of attacks lasting for days, and half of all targets being repeatedly hit, a worst-case scenario entails losses of hundreds of thousands—if not millions—of dollars.”
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57
(Security Affairs – DDoS, cybercrime)