Launching a DDoS attack doesn’t require a significant amount of tech-related knowledge anymore. Where before these attacks were typically tied to the work of professional hackers and hacktivist groups, an increasing number of attacks are coming from is known as DDoS for Hire services.
Think of DDoS for Hire as “hacking on demand.” A disgruntled employee, customer, or somebody with a grudge against your company or service can now enlist the help of a botnet regardless of their level of computer knowledge, and with a few clicks can launch a full scale DDoS assault on your servers.
What do you need to know about DDoS for Hire? Here’s eight important points to remember to get you up to speed.
They’re EXTREMELY easy to find online
While you’d think these services would rather operate in secret or on the dark web, most do not. While not specifically calling themselves “DDoS services,” they’ll use names like “stressers” or “booters” and are easily found on search engines like Google if you know what you’re looking for.
These services sell access to botnets on the cheap
Like a DDoS launched by professional hackers, DDoS for Hire attacks are carried out by botnets. The difference here is that the hacker sells access to their created botnets to anyone willing to pay for it. It’s cheap too – research found that the average one hour a month DDoS package can cost as little as $20.
Anyone can use these services
Years of experience in DDoS attacks have allowed enterprising hackers to create all but plug-and-play solutions to launch these attacks. All the hard work – the attack code, the enslaving of compromised devices to launch the attacks, and the setup files – is already done for the aggrieved party. It’s literally as easy as modifying a small part of a configuration file to point to the right target and in some cases clicking a button, and the attack is carried out automatically.
It’s a big and lucrative business
DDoS for Hire is no small problem. Earlier this year police in the Netherlands took down WebStresser, a DDoS for Hire service that is alleged to have launched over four million attacks from its more than 136,000 users. Another service generated $600,000 in revenue for its owners in just two years before being shut down in 2016.
The cost to the victim is no different
Despite the fact that these attacks aren’t directly being carried out by experienced hackers, the damage is equally crippling. These are the same botnets used by the hackers, only here they’ve turned it into a Software-as-a-Service (SaaS) much like Google Apps or Salesforce. You’ll still pay thousands to clean the mess up whether it’s a hacker or disgruntled but technology-challenged employee.
Some services mask themselves as legitimate
DDoS for Hire services are obviously illegal, so it’s difficult for these hackers to market their services to the public. You’ll see these services marked as “stressers” as mentioned above, claiming they can help you test server resiliency. There’s one problem though: they don’t verify ownership of the server or identity, so anyone can “stress test” any server they want.
DDoS for Hire will spur in an increase in DDoS attacks overall
While the number of DDoS attacks may not seem like it is increasing from what we hear on the news, it’s important to remember that the ones we hear about are typically only the large-scale attacks. However, overall the number of DDoS attacks are increasing – especially smaller scale ones – and DDoS for Hire will likely make up a significant portion of that increase.
Managed DDoS mitigation works against these attackers
While we’ve peppered you with a lot of bad news so far, there is some good news: third-party DDoS mitigation providers are more than ready to fight back. Because DDoS for Hire attacks are so similar to traditional DDoS attacks, the same mitigation strategies work to help stop them. Having a provider on hand to help when the inevitable attack occurs is an important part of your IT strategy.
The threat of DDoS isn’t going to go away any time soon, so the most important thing for any company to do is be prepared. Hiring third-party DDoS mitigation is a good first step and could potentially save you thousands of dollars down the road when an attack occurs.