Source: https://cobaltstrike.net/2022/03/29/custom-ddos-attacks-cost-much-less-than-it-might-seem/
According to a recent report by the information security company Netscout, cybercriminals have increasingly resorted to DDoS attacks to intimidate victims more. This is especially true of cyber extortion groups that use multi-vector threats, usually against victims who refuse to pay ransom.
Partners of RaaS services (Ransomware-as-a-Service – extortionate software as a service) can, in addition to other techniques, also use DDoS attacks, mainly due to the developed cybercrime ecosystem.
As reported in the Netscout report, DDoS attacks cost attackers much cheaper than it might seem. Most of the services offering DDoS services for money even give their customers free trial basic attacks.
Netscout specialists have studied 19 such services claiming to have successfully carried out more than 10 million attacks. Many of them offer flexible tariff plans depending on the configuration of the attack, duration and capacity (bandwidth). Some offer free trial attacks, while others offer a five-day trial for just $5. A full-fledged attack, including one hundred simultaneous attacks, without daily restrictions and with a capacity of 1 million packets per second costs about $ 6.5 thousand.
One service even promises its customers a DDoS attack with a capacity of 1 TB/s, carried out with the help of 150 thousand bots, and asks for only $ 2.5 thousand for it.
The relatively low cost of custom DDoS attacks may be the reason that cyber-extortionate groups began to attack VoIP services.
Last year, the cyber-extortion groups REvil, BlackCat, AvosLocker and Suncrypt all used DDoS to extort money from victims.
According to the report, like the partners of RaaS services, DDoS services targeted a specific sector. Thus, software publishers faced a staggering increase in DDoS attacks by 606%, while insurance agencies (257%) and computer storage manufacturers (263%) also witnessed a significant increase in attacks.
According to the Netscout report, the total number of attacks last year was 9.7 million, of which 5.4 million were in the first half of the year and 4.4 million in the second.