Even the world of cybercrime is getting hit by falling prices and cheaper labor.
You can now anonymously hire a cybercriminal online for as little as $6 to $10 per hour, says Rodney Joffe, senior vice president at Neustar, a cybersecurity company. (Tweet This)
The company specializes in troubleshooting a kind of cyberattack called distributed denial of service attacks, or DDoS for short. Such aggressive attacks basically make an online site and services unusable, and more of such attacks are hurting businesses, large and small, according to new data.
As it becomes easier to engineer such attacks, with costs falling, more businesses are getting targeted. About 32 percent of information technology professionals surveyed said DDoS attacks cost their companies $100,000 an hour or more. That percentage is up from 30 percent reported in 2014, according to Neustar's survey of over 500 high-level IT professionals. The data was released Monday.
"A distributed denial of service (DDoS) attack is a generalized attack that stops users from gaining access to a service," said Joffe of Neustar, based in Sterling, Virginia.
More than 3.4 million DDoS cyberattacks were perpetrated worldwide in 2014, up more than 60 percent from 2.1 million, according to Arbor Networks, a cybersecurity company based in Burlington, Massachusetts. DDoS attacks target businesses large and small, government websites and large tent pole events such as the Olympics.
DDoS attacks have become so prevalent that committing the cybercrime is as easy as filling out an online form. You can track down such cyberthieves through a basic online search, Joffe said. Enter the website you want to target, how long you want the site to be disabled, and how you want to pay for the cybercrime—often in the form of virtual currency, , Joffe said.
As a point of reference, many of these cybercriminals available for hire are based in Russia or Eastern Europe, says Dan Holden, director of security research with cybersecurity company Arbor Networks. The bad guys also know when to strike and create the most damage, including targeting retailers during the holiday hopping season, Holden said.
DDoS attacks, of course, can cut into revenue and damage a company's brand. But some cyberthieves are only getting started.
Some use DDoS attack as a ruse to distract cybersecurity teams and then go in to level real damage. "For a large number of victims, [DDoS] attacks are used as a smokescreen or cover for other compromises," said Neustar's Joffe. Since many companies only have one cybersecurity team, cybercriminals try to distract them with a DDoS attack so they do not realize their network has been breached in other ways.
So what's a business to do?
The upside is more companies are paying more attention to DDoS attacks. About one-third of IT professionals surveyed by Neustar said their companies were investing more in DDoS protection infrastructure.
And more businesses are turning to a hybrid solution that includes having an on-site team that can start mitigating a DDoS attack, while a more skilled contractor is brought in simultaneously. More than 30 percent of companies surveyed are using a hybrid system, up from 20 percent in 2013, according to Neustar's data.
Says Arbor's Holden, "DDoS attacks are completely defendable."