A DDoS attack is cheaper than a pack of doughnuts

Do you know how much it costs to hire hackers for a DDoS attack? I'm asking for a friend. 

Anyway, Kaspersky Lab seems to know the answer as its researchers have spent some time looking into DDoS-as-a-service websites, and have come up with some numbers.

As it turns out, it's can be pretty cheap to have a website DDoSed, even though that could mean losses for the victim, in millions. It seems as hackers are undervaluing their services, yet again.

In a press release, Kaspersky Lab said a DDoS attack can cost “anything from $5 for a 300-second attack, to $400 for 24 hours”. The average price for an attack is approximately $25 an hour. Using a cloud-based botnet of 1,000 desktops will set you back roughly $7 per hour.

“That means the cybercriminals organising DDoS attacks are making a profit of around $18 per hour.”

The definitive price is determined by a couple of factors. First, what type of devices are being used. An IoT-botnet is cheaper than a server-botnet. The type of site that needs to be attacked can also be a factor. Government sites, or those with dedicated DDoS protection, will be more expensive. 

“We expect the profitability of DDoS attacks to continue to grow. As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses,” commented says Russ Madley, Head of B2B at Kaspersky Lab UK. 

“Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively. The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days. Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences. Companies that host these online sites are also under attack on a daily basis. The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks.”

Image Credit: Profit_Image / Shutterstock