The Challenges of Conducting Business as Usual: Inside the DDoS Economy

Most people with computer systems or websites want to keep them working. In many cases, these websites are an organization’s visible presence and the way that they advertise services and interact with customers.

Most hackers are out to ruin their target’s day. A Denial of Service (DoS) attack is when an attacker tries to render their target’s website or other systems unusable. This can be done in a variety of different ways, but most methods take advantage of some bottleneck in a system. A web server has a maximum number of connections that it can handle, a limited amount of memory that it can access, etc. If the attacker manages to force the web server to reach one of these limits by dealing with their malicious requests, then the web server is inaccessible to legitimate users.

A Distributed Denial of Service (DDoS) attack takes DoS attacks to the next level. Instead of using a single computer to attack the target, a DDoS attack uses many computers (like members of a botnet). The larger number of machines involved in the attack allows the attacker to generate more malicious traffic (allowing them to overwhelm load-balanced web servers) and makes attribution and blocking more difficult. It’s easy to block all traffic coming from a single IP address but much more difficult to block hundreds or thousands of addresses without accidentally blocking a few legitimate users as well.
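
The blocking problem described above shows up clearly in a small log analysis. This is an added example, not part of the original article; the window size, both thresholds and the sample traffic (documentation-range addresses) are constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW = 10         # seconds per bucket (assumed)
PER_IP_LIMIT = 50   # requests one source may send per window (assumed)
CAPACITY = 300      # requests per window the server can absorb (assumed)

def bucketize(events):
    """Group (timestamp, src_ip) events as {window_start: Counter(ip -> hits)}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % WINDOW][ip] += 1
    return buckets

def summarize(events):
    """Per window: total load, distinct sources, and the load that remains
    after blocking every source that exceeded the per-IP limit."""
    rows = []
    for window, hits in sorted(bucketize(events).items()):
        total = sum(hits.values())
        blocked = sum(n for n in hits.values() if n > PER_IP_LIMIT)
        rows.append({
            "window": window,
            "total": total,
            "sources": len(hits),
            "residual": total - blocked,
            "overloaded": total > CAPACITY,
            "still_overloaded": total - blocked > CAPACITY,
        })
    return rows

def make_sample():
    """Constructed traffic: a quiet window, a single-source flood, a distributed flood."""
    events = []
    for window in (0, 10, 20):                      # 30 legitimate clients, 3 requests each
        for client in range(1, 31):
            events += [(window + k, f"192.0.2.{client}") for k in range(3)]
    events += [(10 + i % 10, "198.51.100.7") for i in range(400)]   # one noisy source
    for bot in range(1, 201):                       # 200 sources, 4 requests each
        events += [(20 + k, f"203.0.113.{bot}") for k in range(4)]
    return events

if __name__ == "__main__":
    for row in summarize(make_sample()):
        print(row)
```

In the single-source window, blocking one address returns the load to normal. In the distributed window, no source exceeds the per-IP limit, so address-based blocking removes nothing and the server stays over capacity.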

The threat of DDoS attacks has led to the creation of anti-DDoS protection systems. These systems are designed and optimized to identify and block attack traffic before it reaches the web server while letting legitimate traffic through. A good DDoS protection service will allow an enterprise to weather even the largest attack with minimal impact to legitimate users.

How DDoS attacks have changed

In the past, DDoS attacks were relatively rare and required a level of technical know-how to perform. To perform a large-scale attack, you needed a botnet, which required the ability to exploit and maintain control over a large number of zombie computers. In recent years, the DDoS landscape has changed through the introduction of the Internet of Things, DDoS as a service, and Ransom DDoS attacks.

The Botnet of Things

The Internet of Things is designed to bring a new level of convenience to modern life. Many devices and appliances connected to the Internet are controllable via mobile applications or web interfaces, making them much easier to monitor and use. The main limitation of the Internet of Things is the extremely low level of security in existing systems. Many IoT devices have built-in default passwords, infrequent or non-existent device update and patch schedules, and no antivirus or monitoring to speak of. As a result, these devices are easily compromised by hackers.

Since most IoT devices run a fully functional Linux operating system, they make an ideal platform for an attacker wishing to build a botnet. They have the necessary Internet access, computational power, and device memory to be involved in a DDoS attack. As a result, DDoS attacks are becoming cheaper and more common as hackers take advantage of the massive number of IoT devices that consumers purchase and deploy without even minimal protection against attack.

DDoS For Hire

Another aspect of the evolution of DDoS attacks is the concept of DDoS as a Service. Instead of pursuing their own goals and agendas via a DDoS attack, hackers will rent out their services for a small fee. A “stressor” or “booter” service gives the consumer access to an attacker-controlled botnet to attack a target of their choice for a certain amount of time.

The availability of DDoS attacks as a service creates a hugely asymmetrical relationship between organizations and their potential attackers. A DDoS attack against a large organization can cost as much as $1.6 million when all of the costs (lost revenue, customer churn, etc.) are taken into account. On the other hand, performing a DDoS attack using cloud-based infrastructure can cost a hacker as little as $7 per hour. These attacks are typically available to consumers for $25 per hour, allowing the hacker to make a tidy profit in the process. The low cost of renting a DDoS attack means that organizations are increasingly at risk from disgruntled employees and customers.

The questionable legality of DDoS services means that hackers can even advertise their services openly on Google. Using a stressor against your own services (to test for DDoS vulnerabilities) is completely legal. It’s only when they’re turned against someone else that it becomes a problem. This legal ambiguity allows DDoS service providers to operate openly with little fear of reprisal.

Monetizing DDoS

As if making money off of renting their services wasn’t enough, hackers with botnets have found another way to profit. In recent years, there have been several instances of ransom DDoS attacks. A ransom DDoS attacker will perform a DDoS attack against a target and threaten to continue doing so (either consistently or sporadically) until the target meets their ransom demand. The loss of revenue and the uncertainty can cause organizations to cave to the attacker’s demand so that they can resume business as usual.

Protecting yourself from DDoS attacks

DDoS attacks have the potential to significantly impact your organization. Even a one-hour attack can cause a significant loss of sales and customers, and the advances in the DDoS economy mean that large-scale attacks are cheaper and easier to carry out. While ISPs can protect against some DDoS attacks, investing in a DDoS protection service may be a necessity, especially if your organization’s business model is reliant upon having a functional and usable web presence.
