Our blog

Cheaper, more accessible hacking tools are fuelling the popularity of DDoS attacks

k

03 October 2016

Global Services

Blogs by author:  Global Services , We’re a leading global business communications provider

LinkedInTwitterYouTubeSlideshare

By Stuart Murphy, DDoS Product Manager.

The pile ’em high and sell ’em cheap mentality has hit the world of DDoS cyber attacks. They’re now easier and less costly to carry out — are you protected?

Any product-development cycle starts with a relatively expensive creation stage requiring a high level of expertise. As any early adopter knows, staying ahead of the curve is a pricey business. But, as markets grow and the technology matures, costs fall.

Cyber attacks are following the same developmental curve. DDoS attacks originally required sophisticated tools to be created and were executed by experts. Recently, however, increasing ease of access to more user-friendly ways of carrying out attacks means that relative novices can do it. What’s more, the cost of attacks is much lower than before.

Now that more people and organisations have the capability to execute a DDoS attack, it’s increasingly vital that digital businesses make sure they have preventative security measures in place.

Pay-as-you-go cyber attacks.

So what are the DDoS tools of choice for today’s aspiring cyber criminal? Activity in 2016 is focusing on a triad of nasty but effective methods that combine high-traffic volumes with multi-vector attacks: booters, stressers and ransomware.

Booters are a service that gives paying customers the capabilities to carry out their own DDoS attack. Considered to be a lower risk form of attack, booters are popular because they hide a lot of information such as the server’s IP address, making tracking the attacker much more difficult. And, like any pay-as-you-go service, customers have a choice of packages at a variety of prices.

Or, if a cyber criminal wants to outsource a DDoS attack, many well-known DDoS groups now rent out their stresser services for a fee. The entry level costs for these services has been dropping for a while. Lizard Squad, for example, sells stresser packages from as little as six dollars a month.

Your money, or your digital business.

And then there are ransomware attacks, which have been on the increase throughout 2016. According to the Infoblox DNS Threat Index, the number of ransomware domains has increased 35-fold in the first quarter of this year.

The rise of new domains and subdomains, created to stay ahead of blacklists and other security filters demonstrates a growth in the attack infrastructure for ransomware — and is accompanied by a shift in cybercriminal energy towards such attacks. This increase is thought to be a result of simple market dynamics — recent attacks have been ‘successful’ and victim companies are paying out, attracting more ransomware activity.

However, by paying out, digital businesses are fuelling the ransomware industry. Although it may make financial sense for companies to pay the ransom when an attack is underway, this only eliminates the problem in the short-term: in the longer-term, it seems likely that paying out will increase the threat.

Prevention is cheaper than cure.

Unless DDoS attacks are to become an ever-more lucrative crime, digital businesses need to focus on prevention measures.

The good news is that we can help you stay ahead of the cyber criminals. From working out your threat vulnerabilities through to a comprehensive prevention programme, BT’s DDoS products can protect your organisation from today’s aggressive cyber attack strategies.