agsandrew - Fotolia

DDoS attacks openly on offer for $5 an hour, researchers discover

DDoS attacks have become a commodity, and are available openly on professional services online marketplaces for as little as $5 an hour, say security researchers

Researchers at security firm Imperva have discovered that distributed denial of service (DDoS) attacks are openly on offer for as little as $5 from online professional service marketplace Fiverr.

This is in marked contrast to just a year ago when DDoS services were typically available on the dark web for an average cost of $38 an hour, demonstrating that DDoS attacks have become a commodity.

The researchers found that DDoS attacks to take down web servers are being offered as “stresser services”, ostensibly for organisations to test the resilience of their own web servers.

However, the researchers found that while most providers avoided a question about whether the servers had to belong to those requesting the “stress test”, one admitted being willing to target any servers, except government websites and hospitals.

“This just goes to show that even DDoSers have some moral compass, as well as a healthy fear of the government,” said Igal Zeifman, senior manager at Imperva.

With the true capabilities of at least one of the “stress testers” confirmed, the researchers alerted Fiverr to the misuse of their service, and in two days, three of the stresser providers were removed.

“Fiverr’s decisive action should serve as an example to an online community that, by and large, has accepted the existence of stressers as a fact of life,” said Zeifman.

“From hosters maintaining their websites, to forums allowing promotional posts and review sites comparing offerings, stressers have embedded themselves into the internet landscape and – much like organic viruses – are feeding off of their hosts.”

Read more about DDoS attacks

The researchers called on anyone encountering an advertisement for an illegitimate DDoS-for-hire service to report it. “It’s time to the expose this charade by applying some stress to the stressers,” said Zeifman.

More than seven in 10 global brands were hit by DDoS attacks in 2015, according to a survey report by communications and analysis firm Neustar published in April 2016.

The survey of 1,000 IT professionals revealed 73% reported DDoS attacks in 2015, with 82% suffering repeated attacks and 57% suffering subsequent theft.

Although DDoS attacks are associated with criminal activity, not all those behind DDoS attacks are cyber criminals, acceding to research published by security firm Kaspersky Lab in December 2015.

Nearly half of more than 5,500 companies polled in 26 countries claimed to know the identity and motivation behind recent DDoS attacks, and 12% named competitors as the most likely culprits.

In the business services industry, 38% of respondents in this sector suspected their competitors of being behind a DDoS attack. ... ... ... ... ... ... ... ...

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

This development is dangerous and is truly frightening to everyone in business, to everyone who accesses those businesses. And now that we all know that this kind of disaster is imminent, what are we doing to stop it, to rip it's heart out at the core...?

Alas, the answer to that is equally frightening. And dangerous. And depressing. Perhaps we need to outsource the fix to these hackers.... We don't seem to have the intestinal fortitude to do it on our own.
Cancel
Technically, DDoS might be hard to distinguish from a usage spike. It also doesn't have to be launched from a zombie device.
Availability of cloud services for load testing also makes them available for scripting of DDoS attacks.
Cancel
It's a scary situation. When you can buy services like these on line it really shows your morals. Why would you need to buy this service? Are you afraid of your competition ? It think more needs to be done like posting info on how and where to report these attacks so we can take action.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close