DDoS attacks could cost your company up to $450,000
Distributed denial of service (DDoS) attacks have grown fifty-fold in the last decade, and could cost your company up to $450,000Reuters

This month Arbor Networks, which monitors a third of the world's internet traffic, published its 10th annual Worldwide Infrastructure Security report.

In it, the company claimed that distributed denial of service (DDoS) attacks had gone from "mostly a nuisance and nothing more than an independent event" a decade ago, to "a very serious threat to business continuity and the bottom-line".

It said DDoS attacks had grown in size by a factor of 50 in the last 10 years, culminating with an attack of 400Gbps reported during 2014.

In further research on the impact of DDoS attacks, Kaspersky Labs has revealed that the cost to businesses of these technically simplistic cyber-attacks can reach $444,000 (£293,000).

The research found that, depending on the size of the company involved, DDoS attacks can impact your bottom line by anything from $52,000 up to $444,000.

In recent weeks we have seen the rise of hacking group Lizard Squad who offer a DDoS tool called Lizard Stresser for as little as $6 to knock someone offline.

What is a DDoS attack?

A distributed denial of service (DDoS) attack sees an attacker flood the server of a website or online service with so much traffic that it renders it inaccessible to everyone else online.

DDoS-for-hire

DDoS-for-hire services are freely available online, mostly on the dark web, offering companies an easy way to get a temporary advantage over their competitors - if of course they are willing to break the law.

DDoS attacks have long been used by hacktivist groups like Anonymous as an easy way to hit their targets using freely-available and easy-to-use tools such as LOIC (low orbit ion canon).

Not only does a DDoS attack impact a company's bottom line, it also impacts a company's reputation. The average costs specified by Kaspersky include several problems which are caused by such an attack being carried out.

Protection

According to the study, 61% of DDoS victims temporarily lost access to critical business information while 38% of companies were unable to carry out their core business.

One in three of the respondents reported the loss of business opportunities and contracts while slightly less (29%) reported that successful DDoS incidents had a negative impact on the company's credit rating.

"A successful DDoS attack can damage business-critical services, leading to serious consequences for the company. For example, the recent attacks on Scandinavian banks caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this,"said Eugene Vigovsky from Kaspersky Labs.

"That's why companies must consider DDoS protection as an integral part of their overall IT security policy. It's just as important as protecting against malware, targeted attacks, data leaks and the like," he said.

As the Arbor Networks report reveals, DDoS attacks have become increasingly commonplace over the last decade with more and more people/businesses using them to carry out attacks against their competition online.

The high-profile attacks carried out by Lizard Squad (PlayStation Network, Malaysia Airlines, etc) have helped raise the public's awareness of its services, with the most recent attack seeing the group hack Taylor Swift's Twitter account.

Bill Barry, from NexusGuard, believes this business model is setting a dangerous precedent:

The DDoS for hire space has become so lucrative that these mayhem-for-sport acts of hacking a celebrity Twitter account is a way to build brand recognition and raise awareness that anyone, anywhere could be the victim of cyber attacks. This heightened market awareness becomes a dangerous marketing engine to allow anyone with a slight motive to launch their own attacks at intended targets. Using this tactic has meant that in a short time over 14,000 customers have signed up to use the Lizardstresser DDoS tool.