Revealed: the criminal ecosystem behind a DDoS attack

New research by cloud security provider Imperva has revealed an entire complex ecosystem of criminals, arms dealers and victims behind a DDoS attack, as well as the long-term damage they can do to businesses 

Related topics
Security

Related articles

DDoS ransom notes: why paying up will get you nowhere
How to stop hackers leveraging DDoS activity to cause more damage
Why focusing on combatting DDoS attacks is a fatal mistake

Share article

Short of time?

Print this pageEmail article

It takes an average of 19 days and $21,000 (£14,600) to resolve the a DDoS attack

They're frequently in the news affecting major organisations: Distributed Denial of Service (DDoS) attacks are one of the most powerful tools in a cyber criminal’s arsena. But no two DDoS attacks are alike.

New research by cloud security provider Imperva has revealed an entire ecosystem of criminals, arms dealers and victims, showing how DDoS attacks come in many forms depending on the cyber criminal's end goal, who the victims are, the arms dealers behind the attacks, the perpetrators and the average cost to mitigate the attack.

A typical brute force DDoS attack comes from a botnet - an enormous network of malware-infected devices, often numbering in the millions, that cyber criminals use to lock up your website.

Infected computers and mobile phones become unwitting components of a botnet as people browse the internet unaware of enabling any malicious activity. This cycle then creates a self-sustaining chain of criminal activity.

> See also: DDoS ransom notes: why paying up will get you nowhere

At the centre are the victims from whom the cyber criminals harvest data or leverage computing resources to conduct a DDoS attack. 

But who creates the botnet, and how do they do it? Kit makers can build user-friendly toolkits that make botnets easily accessible, and builders use these kits to build botn ets for herders and booters.

The bot herder then controls botnets via a remote command-and-control servers, and booters sell the botnets and toolkits under the guide of server stressers.

From here, cyber criminals buy these weapons to attack their victims. The perpetrators of botnet attacks range from hacktivists wanting to take a stand against politicians or controversial organisations, to extortionists ransoming sites for money, to hired guns making a living out of DDoSing others, and 'script kiddies' whose sole aim is to brag to their peers.

The attacks can vary wildly depending on the end goal- from a brute force barrage, to an application layer infection, to slowing your computer or making it difficult to complete an online purchase.

High profile DDoS attacks are in the news constantly, but the truth is that anyone with a public web presence (small or large) is a potential target, warns Imperva.

Even though DDoS attacks are often associated with large organisations, the research shows that 51% of all companies (no matter the size) have experienced a distributed denial of service attack. And on average, all companies face nearly two successful cyberattacks per week.

70% of DDoS attack victims are targeted more than once. And surprisingly, 35% of all cybercrime comes from insiders like employees, contractors, and various business partners.

> See also: How to stop hackers leveraging DDoS activity to cause more damage 

The fallout from a DDoS attack can be substantial in time and energy - according to Imperva the average cost to mitigate an attack is $408,292 (around £285,480) and it takes an average of 19 days and $21,000 (£14,600) to resolve the problem.

Beyond the significant financial impact, DDoS attacks can have long-term consequences as well, such as business disruption (39%), information loss (35%) and revenue loss (21%).

Unfortunately, it can take years for businesses to recover both financially and in terms of lost trust. According to Imperva's survey, companies face a raft of issues adter surviving a DDoS attack, including replacing hardware or software (52%), removing malware installed on the network (50%), losing customer trust (43%) and acknowledging theft of customer data (33%).