DDoS Costs: How Attackers Profit and Victims Lose
What’s fueling the rise in distributed denial of service (DDoS) attacks? The simple answer involves money and profits. And the math goes something like this:
- And attacker can charge roughly $25 per hour to launch a DDoS attack on behalf of a paying customer.
- But the attacker’s own cost to wage that digital war is only about $7 per hour.
- The net result: Attackers can make roughly $18 per hour in pure profit setting up attacks for paying customers.
Those data points surfaced in new research results from cybersecurity company Kaspersky Lab.
Key Factors That Affect the Cost of a DDoS Attack
Several factors affect the cost of DDoS attacks, including:
- Attack type.
- Attack source.
- Duration of the attack.
- Type of victim.
In addition, cybercriminals sometimes make more money if they demand a ransom from a target in return for not launching a DDoS attack — or to call off an ongoing attack.
“Cybercriminals are constantly on the lookout for new and cheaper ways of organizing botnets, as well as coming up with ever more ingenious attack scenarios,” Kaspersky Lab Security Researcher Denis Makrushin said in a prepared statement. “As long as there are vulnerable servers, computers and IoT devices connected to the internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency.”
How to Stop DDoS Attacks
Even major ISPs struggle to fully overcome DDoS attacks. But there are some ways to mitigate the issue. Indeed, service providers and enterprises can deploy next-generation firewalls, routers and load balancers to segment traffic across multiple servers in a network and divert traffic from an attack point, Chris Crellin, senior director of product management for Intronis MSP Solutions by Barracuda, wrote in a blog post.
Securing endpoints and IoT devices is a top priority for many organizations, Crellin pointed out. As such, MSPs can offer continuous monitoring services for these endpoints and devices to ensure they are not infected with malware that can be used to transform them into botnets for DDoS attacks.
Prevent a Network from Participating in a DDoS Attack
Jim Nitterauer, senior security specialist at email and web security company AppRiver, offered the following tips to prevent a network from participating in a DDoS attack:
- Set up simple outbound firewall rules.
- Configure an internal DNS server to track all DNS queries and report these logs using an aggregation service.
- Ensure DNS servers forward DNS requests to a DNS filtering service.
- Remove root forwarding from DNS cache servers.
- Configure a firewall to allow only authorized DNS server IPs outbound DNS access and allow those to only access configured forwarding servers.
- Do not expose internal network DNS services to the outside world.
- Use a spam filtering solution.
- Track all network devices.
- Implement a network scanner.
With these tips, an MSP can reduce the risk of DDoS attacks, Nitterauer noted.