In the DDoS-for-Hire Business, Customer Service Matters

You’re probably enrolled in an airline’s rewards program, receiving points or miles to use toward free flights. The more you fly, the more points you get. It’s a way to recognize customer loyalty.

Every type business wants to build a loyal customer base. Even the cyber criminals who run DDoS-for-hire services.

DDoS Loyalty Programs

As the DDoS-for-hire racket evolves, some such services have started offering repeat customers points and discounts toward future purchases. It’s a sort of DDoS loyalty program, according to a new report by Kaspersky Labs that digs deeper into the DDoS-for-hire market and the cost of attacks.

“Some developers even offer bonus points for each attack conducted using their service. In other words, cybercriminals have their own loyalty and customer service programs,” the report notes, adding that most DDoS attacks are ordered through full-fledged Web services, which removes the need for direct contact between the two parties.

Customers use these Web services to register for an account, make payments, manage their balance and attack budget, access reports and more. Kaspersky compared them to Web services offered by legal services. In the DDoS-for-hire biz, many of these Web services boast thousands to hundreds of thousands of registered users.

IoT-based Attacks Are Cheaper

According to the report, the cost of a DDoS attack fluctuates based on the target, the duration of the attack and the geographic location of the target. According to The Register, a DDoS attack can cost anywhere from $5 for a 300-second attack to $400 for 24 hours, and the average price for an attack is around $25 per hour.

The price of a DDoS attack also takes into consideration the attack’s generation and the source of attack traffic. For example, an attack leveraging a botnet made up of Internet of Things (IoT) devices costs less than an attack that uses a botnet made up of servers.

“At the same time, cybercriminals continue to actively seek new and cheaper ways to organize botnets,” the Kaspersky report states. “In this regard, the Internet of Things makes life easier for them. One of the current trends is the infection of IoT devices (CCTV cameras, DVR-systems, ‘smart’ household appliances, etc.) and their subsequent use in DDoS attacks. And while vulnerable IoT devices exist, cybercriminals are able to exploit them.”

Dawn of the DDoS of Things

The rise of DDoS-for-hire services comes on the heels of a spate of high-profile DDoS attacks that reached unprecedented volume, size and scope. For the first time on record, DDoS attacks have exceeded the 1 Tbps threshold, an upward swing that is expected to continue.

The Mirai malware is powering this tsunami of DDoS attacks, which takes advantage of unsecured IoT devices to build massive botnets and launch mammoth DDoS attacks. The uptick in DDoS activity has ushered in the DDoS of Things (DoT) era, where threat actors use unsecured IoT devices to build the botnets that drive colossal DDoS attacks.

According to our new DDoS of Things infographic, there are now roughly 3,700 DDoS attacks per day, and once a business is attacked there’s an 82 percent chance they’ll be attacked again.

DDoS Defense

A10 Thunder TPS, a line of high-performance DDoS protection solutions, detects and mitigates volumetric, multi-vector DDoS attacks at the network edge. For service providers, enterprises and security-conscious businesses, Thunder TPS is the first line of defense for network infrastructure. It helps prevent IoT-powered DDoS attacks and protects your business from the DDoS of Things.

The super-scalable A10 Thunder 14045 can mitigate DDoS attacks of up to 300 Gbps with a single appliance, and attacks of up to 2.4 Tbps when deployed in a cluster.

Learn more about A10 Thunder TPS.

Add new comment