From $5, an individual can contract a denial of service attack to keep a company’s web page unusable
Last October, thousands of Internet users from the United States dawned without being able to connect to Twitter, eBay, Spotify, Netflix or The New York Times. The cause was a massive denial-of-service attack, known in cyber slang as DDoS, against internet provider Dyn DNS that caused interruptions of up to 11 hours in the activity of these platforms. The incident, one of the most serious in the last decade and affecting more than a billion customers worldwide, has highlighted the destabilizing potential and relative ease with which cyber criminals can put the Network.
In a post-attack article, Bruce Schneier, one of the internet security gurus, Pulling down internet is very difficult. However, in recent months there have been attacks targeting the main DNS (Domain Name System) that are of concern. If you load DNS, no one can resolve a domain in a search, which means that you cannot access a web page or platform service such as Netflix or Skype. Although it has not happened so far, if these internet systems are down, it can collapse, “says Raul Perez, Global Presales Manager of cyber security firm Panda Security. Pulling down internet is very difficult.
DDoS attacks are one of the most popular tools in the arsenal of cyber criminals. In addition to being one of the most profitable available to hackers. According to a recent Kaspersky Lab report, it is possible to launch a denial-of-service attack with a minimum cost of $7 per hour, whereas for the victim company the costs can amount to thousands or even millions of dollars lost.
“DDoS attacks are offered as a service over the Internet. You come to a web that can have the appearance of a lawful business and in which the client can select the type of attack that wants to launch and the victim to which it is directed” , Says Pedro Garcia Villacanas, at Kaspersky Lab. In some cases, loyalty programs are offered that offer rewards and points for each attack made. The only difference with a conventional company is that there is no contact or relationship between the supplier and the customer.
To carry out these attacks, explains Pérez, what the cybercriminals is “riding a small army infecting 1,000, 2,000 or 20,000 computers, forming a botnet, or network of bots – whose services sold later.” “A web has a limited number of visitors who can access at a time, if what they want is to render unusable what they do is send through these infected devices millions of visits per second until they manage to saturate the server,” says the Expert of Panda Security.
Depending on the type of attack and the recipient, the price ranges from $5 for five minutes in duration to more than $400 for a 24-hour incident. However, there are many factors that can affect the cost of the service. For example, a botnet built on Internet devices such as cameras or fridges, is cheaper than one based on servers since their levels of protection are lower. Other elements to take into account are the duration of the attacks and the location of the client. Attacks on English-speaking web sites are usually more expensive than similar attacks on Russian-language sites.
Average price: $25
The average price is $25, according to data from Kaspersky Lab, and the approximate cost per hour of an attack with a botnet of 1,000 PC is $7. This means that cybercriminals who organize denial-of-service attacks achieve a profit of $17.50 per invested amount. A margin that many companies would like.
The aim of these attacks, says Kaspersky expert, ranges from “harming the image of the company, to sabotage or personal revenge. They can even be organized as a distraction while looking for a greater information theft.”