A year ago this month, Ars Technica reported a denial of service attack that created some connectivity problems for about two hours. Given the rise in the number of denial of service attacks companies are facing, the fact that Ars Technica experienced some sort of attack is not unusual. What is unusual, however, is the method Ars Technica’s attackers used.
In the report, Ars Technica describes how its attackers leveraged “multiple accounts on TwBooter, a ‘booter’ site that provides denial of service attacks as a paid service.” In this particular case, site users can easily launch up to three simultaneous automated attacks with an online payment and a simple web interface.
The idea, as Ars Technica reports, is for users to leverage the tool for security testing. In reality, the site can be used for far more sinister activities—as Ars Technica states, “an account with rights to a single automated attack of up to 60 seconds in length is $10 a month. This means you can launch as many 60 second attacks as you want, one at a time, all month long.”
What does this mean for companies already reeling from the threats of DDoS? Unfortunately, it means that DDoS attacks just got easier—and cheaper—to launch. Would-be attackers need only to select the website they wish to target, pay a fee and watch for the results. What’s worse is that these attacks are even harder to trace, as the internet service provider the booter appears to be hosted from is not typically the provider in use.
If your company isn’t concerned about the threat of DDoS, simple, cheap attack methods like those presented by booters should kindle a spark of fear. According to Radware, the biggest impact of denial of service attacks isn’t site outages—in most cases (60 percent or so), service level degradation is the biggest concern. That can translate to a 1 percent decline in revenue for every 100 milliseconds of degradation in service.
Want to learn more about what you can do to prevent denial of service attacks? Stay tuned to our blog for big news in the coming month, or contact us for an overview.