agsandrew - Fotolia

DDoS attacks openly on offer for $5 an hour, researchers discover

DDoS attacks have become a commodity, and are available openly on professional services online marketplaces for as little as $5 an hour, say security researchers

Researchers at security firm Imperva have discovered that distributed denial of service (DDoS) attacks are openly on offer for as little as $5 from online professional service marketplace Fiverr.

This is in marked contrast to just a year ago when DDoS services were typically available on the dark web for an average cost of $38 an hour, demonstrating that DDoS attacks have become a commodity.

The researchers found that DDoS attacks to take down web servers are being offered as “stresser services”, ostensibly for organisations to test the resilience of their own web servers.

However, the researchers found that while most providers avoided a question about whether the servers had to belong to those requesting the “stress test”, one admitted being willing to target any servers, except government websites and hospitals.

“This just goes to show that even DDoSers have some moral compass, as well as a healthy fear of the government,” said Igal Zeifman, senior manager at Imperva.

With the true capabilities of at least one of the “stress testers” confirmed, the researchers alerted Fiverr to the misuse of their service, and in two days, three of the stresser providers were removed.

“Fiverr’s decisive action should serve as an example to an online community that, by and large, has accepted the existence of stressers as a fact of life,” said Zeifman.

“From hosters maintaining their websites, to forums allowing promotional posts and review sites comparing offerings, stressers have embedded themselves into the internet landscape and – much like organic viruses – are feeding off of their hosts.”

Read more about DDoS attacks

  • There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab.
  • Smaller DDoS attacks can be more dangerous than a powerful attack that knocks a company offline but does not install malware or steal data, warns Neustar.
  • Attackers have discovered new ways to conduct DDoS attacks. Expert Nick Lewis explains how they work, and what enterprises can do about them.

The researchers called on anyone encountering an advertisement for an illegitimate DDoS-for-hire service to report it. “It’s time to the expose this charade by applying some stress to the stressers,” said Zeifman.

More than seven in 10 global brands were hit by DDoS attacks in 2015, according to a survey report by communications and analysis firm Neustar published in April 2016.

The survey of 1,000 IT professionals revealed 73% reported DDoS attacks in 2015, with 82% suffering repeated attacks and 57% suffering subsequent theft.

Although DDoS attacks are associated with criminal activity, not all those behind DDoS attacks are cyber criminals, acceding to research published by security firm Kaspersky Lab in December 2015.

Nearly half of more than 5,500 companies polled in 26 countries claimed to know the identity and motivation behind recent DDoS attacks, and 12% named competitors as the most likely culprits.

In the business services industry, 38% of respondents in this sector suspected their competitors of being behind a DDoS attack. ... ... ... ... ... ... ... ...

Read more on Hackers and cybercrime prevention