According to Kaspersky Lab experts, the supply of DDoS services on the black market is quite high, and criminals who want to arrange such an attack find it to be quite profitable. They also calculated that an attack using a cloud-based botnet of 1000 desktops is likely to cost the providers about $7 per hour. Sean Newman, Director at Corero Network Security, commented below.
Sean Newman, Director at Corero Network Security:
“Taking the position of just paying an attacker, with the hope they’ll just go away, is a slippery slope – once attackers realise you are just willing to pay, rather than take other preventative actions, there is increased likelihood that they will just keep coming back for more. Even if you decide to pay the first time, this should be quickly followed by actions to prevent it being an issue in the future.
“The continued persistence and innovation by DDoS attackers highlights why it is now so important for organisations, of all types and sizes, to ensure they have modern, real-time, DDoS protection in place, alongside their more traditional security capabilities.
“The industry has already taken steps to make it harder to leverage traditional DDoS attack vectors, such as NTP and DNS, and although these are on a decline, they are still popular mechanisms for attackers. The recent use of botnets, built from poorly secured IoT devices, is more worrying and the industry still has a long way to go here, to ensure all internet-facing devices are adequately secured and that default passwords on these devices must be changed by the end-user before they can be fully deployed.”