DDoS attacks making hackers a 95% profit margin

Research by Kaspersky has revealed that arranging a DDoS attack can cost a hacker just $7 an hour, with a profit margin of around 95% - plus they sometimes get loyalty points.

The research firm investigated how hackers carry out a distributed-denial-of-service attack, revealing that it's as easy as 'customers' paying a 'service provider' a registration fee to kick one off. When they have completed the registration process, they receive a report about the attacks and sometimes even loyalty points for each attack they take part in.

Hackers charge their 'customers' varying amounts for DDoS as a service, dependent on factors such as the type of attack (an IoT-based botnet is cheaper than a server botnet), length of the attack, and the location of the target. The type of the victim will also have a bearing on how much it costs.

Hackers make a profit of around $18 an hour for each attack they launch, although that's radically increased if the criminal opts to use a ransomware attack rather than DDoS.

"We expect the profitability of DDoS attacks to continue to grow," Russ Madley, head of B2B at Kaspersky Lab said. "As a result, [we] will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses."

"Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively," Madley added. "The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab's research, or about 12 days. Most online businesses can ill-afford to have their doors closed' for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences."

There's no doubt that DDoS attacks and other cybercrimes are making hackers lots of money, especially when companies come under fire repeatedly.

"Companies that host these online sites are also under attack on a daily basis," Madley said. "The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks."