What kind of DDoS damage does $50 buy?

0
47

Fifty dollars can be quite an investment. At the right supermarket, $50 will get you three cases of beer, which equals three good weekends. Alternately, it can get you a copy of Fortnite and a case of Flamin’ Hot Cheetos, which is not a slam about gamers eating Flamin’ Hot Cheetos because everyone eats Flamin’ Hot Cheetos and buying them by the case is the most economical option.

For those who aren’t in the mood for anything so productive or enjoyable, it turns out that $50 could also do a whole lot of damage in the form of a distributed denial of service (DDoS) attack. For the low, low price of $50, a person can make a business absolutely miserable and cost it a whole lot of money.

DDoS-for-hire services for everyone

In the last couple of years, the source codes of one botnet after the other have been released, and ever since then a DDoS for hire service has basically become the Etsy shop of cybercrime: anyone with a modicum of know-how who wants to make a little extra money shilling their junk can have one.

This brings us to a DDoS for hire service known as Ox Booter. Ox Booter is a relatively new offering in the DDoS for hire category, and it uses the Bushido botnet which appears to have been scraped together using the Mirai botnet source code as well as that of the Owari botnet.

Security researchers have been able to take a pretty good look at the Ox Booter service and Bushido botnet. On the whole, it’s nothing special. A botnet that piggybacks on ready-made code and a service that overstates its abilities, claiming 500 Gbps when researchers couldn’t get it to top 425. However, this overstated piggybacking Ox Booter is more than enough to inflict significant DDoS damage on a target, all for a pretty low price.

The budget breakdown

So what exactly does $50 get you on the Ox Booter? For fifty dollars a person can purchase the Gold+ package, which entitles them to 60 minutes worth of DDoS attacks in one month with the ability to launch two attacks at the same time. Ox Booter users get to choose from a variety of network layer or application layer attacks, so if they know anything about their target – say, that their target doesn’t have much extra bandwidth to go around, or that the target website has a lot of resource-intensive dynamic content – they can somewhat tailor the attack to strike a weakness.

The Gold+ package is a middling one on Ox Booter, with packages starting as low as $20 and going as high as $150. That $20 package – the Bronze package – allows a user to launch 15 minutes worth of DDoS attacks in a month, with the ability to launch just one at a time. It may be the cheapest offering on Ox Booter’s menu, but 15 minutes of a 425 Gbps attack is more than enough to take down a target site or service if it does not have professional cloud-based DDoS mitigation. That $150 package? Two hours worth of DDoS attacks, with the ability to launch two at a time. Enough juice to make a lot of businesses suffer, or to make one business in particular suffer for a long time.

Regardless of which package a would-be attacker selects, Ox Booter provides 24/7 support. How considerate.

Small investment, big consequences

By now it’s pretty well known within the business community that a DDoS attack can cost up to $100,000 per hour. Absurd as it may seem, someone with no technological know-how can spend $50 to cost a business $100,000 with a cyberattack. Even more absurdly, with the way the justice system is struggling to catch up with cybercrime, that person is very likely to get away with it. Businesses need to be looking at making an investment of their own in the form of professional cloud-based DDoS mitigation to prevent those six-figure cyberattack bills. Apparently not everyone is happy to spend their $50 on Fortnite and Cheetos. Too bad.