A day attack with DDoS booter cost $60 and can cause $720k in damage

According to a study conducted by the experts at Arbor’s ASERT Team a day attack with a DDoS booter cost $60 and can cause $720k in damage.

We have discussed several times about the concept of cybercrime-as-a-service, today I’ll show you a case related the offer for rent of distributed-denial-of-service (DDoS) attacks for less than US$60 per day.

According to Dennis Schwarz, Research Analyst on Arbor’s ASERT Team, a DDoS attack that costs US$60 per day could inflict as much as US$720,000 in damage to the victim organisation. Technically, these services are called booter or stresser services and could be sold as would-be legitimate tools for security professionals that need to test the resilience of their infrastructure to cyber attacks or their capacity to support a high-volume of traffic.

The problem is that criminal organisations are abusing booters for illegal DDoS attacks, one of the most popular examples is the one used by the LizardSquad hacking crew, the LizardStresser.

The popular security expert Brian Krebs and a research team discovered that the Lizard Stresser DDoS tool relies on compromised Home Routers, this is very common for such kind of illegal services.Schwarz examined one

Schwarz examined one booter service sold in the Russian underground a user with the pseudonym of Forceful. The researcher has compared the cost to rent per day with the average damage suffered by the victims.

Schwarz noticed numerous advertisements for a DDoS booter service on one of the many public Russian language forums, one of them was published by a bad actor known as “Forceful” who operated one of these services. Searching for ICQ number and/or Jabber address the experts discovered a number of advertisements starting from November 2014.

The ads typically contain:

A fancy logo, banner, or motto
Short explanation of what DDoS is
Type of DDoS attacks they support
Pricing
Reputation information
Contact details

Forceful charges $60 a day to rent the booter, meanwhile the cost on an entire week is $400, and anyway it offers a 10-minute test sessions to its clients.

“In this marketplace, it almost always starts with an advertisement for a DDoS booter service on one of the many public Russian language forums,” Schwarz says.

Thanks to a series of OPSEC mistakes made by Forceful, Schwarz and his team were able to identify the malware used by the threat actor and the structure of botnet he uses.

According to the Arbor Worldwide Infrastructure Security Report the average suffered by victims of the attack is US$500 per minute. The cost is attributable to downtime of the targeted infrastructure, reputational damage, and the price of remediation.

According to the data elaborated by the experts, a booter attack could cause US$7.2 million in damages a day, costs that could be drastically reduced by the adoption of DDoS defense solutions.

Schwarz highlighted the extreme asymmetry of the economics of DDoS attackers and urged organizations in adopting defensive solutions.

“As we see in Arbor’s most recent Worldwide Infrastructure Security Report (WISR), the average cost to the victim of a DDoS attack is around $500 per minute. And as we’ve seen above, the mean cost to the attacker is only $66 per attack. This finding highlights both the extreme asymmetry of the economics of DDoS attackers vs. those of the victims of DDoS attacks, as well as the importance of robust DDoS defenses to all organizations which depend upon their online presence for revenue, customer support, and other important business functions. The cost to launch a DDoS attack is so low that the barrier to entry for attackers is practically nil – and that means that *any* organization can potentially be the target of a DDoS attack, since the investment required to launch an attack is so low.”

According to Arbor Network’s BladeRunner, from July to October the Forceful’s booter bot was rented for 82 attacks equaling $5,408.

Stay tuned.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – DDoS booter,cybercrime)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.