A buyer’s market in the global economics of DDoS attacks

It’s a buyer’s market in the local property arena at the moment, according to certain industry experts. This is largely as a result of the slower economy, which has seen a rise in the number of properties for sale. But did you know that globally, it’s a buyer’s market as well when we look at the economics of Distributed Denial of Service (DDoS) attacks? The second, of course, is an underground market, largely regarded as a criminal one.

So says Arbor Network’s territory manager for Sub-Saharan Africa, Bryan Hamman.  Referring to recently released information from Arbor Networks, he says, “It is interesting to analyse the current economics in global DDoS attacks, which are attempts to make an online service unavailable by overwhelming it with traffic from multiple sources. Most people who are aware of DDoS attacks understand that there will be a perpetrator and a target.

“However, we’re now seeing a growing number of third-party providers of DDoS attacks as a service, who advertise their abilities online in order to either sell would-be attackers access to the tools needed to conduct a DDoS attack, or who perform the attack themselves on the customer’s behalf and provide reports afterwards.”

Hamman notes that the fees of these underworld providers are lessening, due to rapidly expanding competition and the supply of readily available attack resources such as botnets. As a result, he says, the DDoS business is currently a buyer’s market.

Arbor reports that the prices for attack services, sometimes called “stressers” or “booters” vary widely, as do estimates of the total cost of an attack to the victim. But the economics are simple: DDoS attacks are becoming cheaper than ever for the perpetrator; are extremely lucrative for the attack service provider, and potentially financially devastating for the target.

Arbor notes that an increasing number of operators resemble legitimate service provider infrastructures with significant computing power, typically running their own botnet armies to unleash DDoS attacks. Perpetrators can essentially rent the providers’ botnets by the hour, day or week, or in some cases can buy a specific number of bots outright. The mechanics of transactions follow a classic web service model, meaning the perpetrator and the provider need never come in contact.

Providers that conduct attacks-as-a-service even post their services online, with tiered pricing reflecting the different types of attack that they offer. Prices are based on several factors. They can include the duration of the attack, the perceived value of the target, the country in which the attack takes place and/or the different methodologies employed.  

In Arbor Networks 12th annual Worldwide Infrastructure Security Report, 59 percent of respondents estimated their downtime costs as being more than USD500/ minute in lost revenue (some ZAR6,700 per minute with the rand/dollar exchange rate on around ZAR13.50 to the dollar), with some indicating even higher losses. This also does not factor in the costs of repairing the damage, potential legal costs of settling with customers denied service, or reputational damage to the company’s brand.

Hamman concludes, “Here in South Africa, we may not yet face the overtness of DDoS operators advertising their services, as can be seen in the US. However, this does not mean that local companies shouldn’t be vigilant against DDoS attacks – protection is more vital than ever. A hybrid solution that combines on-premises and cloud-based protection is the industry best practice in DDoS defence. When you accept that DDoS attacks aren’t going away, and in fact are projected to escalate, it makes the best economic sense of all to make sure that you are adequately prepared against a DDoS attack.”

Leave a Reply

Your email address will not be published. Required fields are marked *

*