The average cost of a DDoS (distributed denial-of-service) attack in 2023 was $486,000, but this varied depending on several factors. Attacks lasting 68 minutes resulted in an average cost of $408,000 for unprotected organizations, with each minute of downtime costing $6,000.
But the cost for smaller businesses could be less than $100,000, while larger organizations could face financial losses exceeding $1 million.
DDoS can be segmented into three key types of attacks.
Each demands that the attacker takes a different approach – and highly sophisticated attacks sometimes combine the different methods to try and circumvent the protection of a cybersecurity solution.
The favorite of many low-skilled attackers, volumetric DDoS attacks aim to capitalize on the scalable nature of internet resources. Apps that demand quick responses – such as audio and video streaming – often rely on extremely fast UDP connections.
With UDP, data is sent with no further confirmation that it’s been received.
The target server must also search for the relevant application when a packet arrives. This automated process means that, when a great deal of malicious traffic suddenly arrives at the IP address’ ports, the request processing mechanism can quickly begin to break down.
Key to this process is the sheer volume of individual requests, achieved via a botnet: often a million-strong group of infected WiFi-connected devices that can be covertly activated during an attack. Either rented or built from scratch, a botnet grants the horsepower to a volumetric attack’s engine – and its success demands overwhelming numbers.
As we just discovered, different protocols determine the ways in which data is transferred: some DDoS attacks rely explicitly on snags in their unique approaches. The Transmission Control Protocol (TCP), for instance, sets up a three-way handshake before data is transmitted.
During this handshake, the target device must wait on a final acknowledgement (ACK) packet.
An attacker can abuse this by making a victim server wait for an ACK response that never comes – multiplied across tens of thousands of requests, this consumes bandwidth until almost no genuine TCP connections can be established.
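The half-open handshakes described above are measurable from the defending side. The following is an added example, not part of the original article: it counts handshakes still waiting on a final ACK in a simplified event trace, where the event format, the thresholds and the documentation-range addresses are all constructed assumptions.

```python
from collections import Counter

def build_sample_trace():
    """Constructed events: (time_s, src_ip, src_port, flag) as the server sees them."""
    trace = [(0.00, "192.0.2.10", 40000, "SYN"),
             (0.05, "192.0.2.10", 40000, "ACK")]   # legitimate client completes
    for i in range(1, 21):                          # 20 sources that never send the ACK
        trace.append((0.10 + i * 0.01, f"198.51.100.{i}", 50000 + i, "SYN"))
    return trace

def half_open_report(events, now, syn_timeout=3.0, alert_at=10):
    """Count handshakes the server is still waiting on after syn_timeout seconds."""
    pending = {}          # (ip, port) -> time the SYN arrived (server replied SYN-ACK)
    syns = completed = 0
    for ts, ip, port, flag in sorted(events):
        key = (ip, port)
        if flag == "SYN" and key not in pending:
            pending[key] = ts
            syns += 1
        elif flag == "ACK" and key in pending:
            del pending[key]      # final ACK arrived: the slot is released
            completed += 1
        elif flag == "RST":
            pending.pop(key, None)
    stale = [key for key, ts in pending.items() if now - ts >= syn_timeout]
    # Source addresses in this kind of flood are often spoofed, so the total and
    # the completion ratio are more reliable signals than any single address.
    return {
        "half_open": len(stale),
        "completion_ratio": completed / syns if syns else 1.0,
        "by_source": Counter(ip for ip, _ in stale),
        "alert": len(stale) >= alert_at,
    }

if __name__ == "__main__":
    print(half_open_report(build_sample_trace(), now=5.0))
```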
Application layer attacks focus on the disparity between client and server resource allocation. For instance, HTTP requests are computationally cheap, whereas delivering on the multiple files and database queries that make up a webpage is far more expensive.
This disparity is at the heart of the Slowloris application-layer attack, which sends partial HTTP requests to a targeted server to slowly drain resources from it.
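Because a partial HTTP request arrives over a completed TCP connection, the client address is real and per-client limits are meaningful. The following added example, not from the original article, flags connections whose request headers are still unfinished after a deadline; the record layout, the 10-second deadline and the per-client limit are assumptions, and the sample connections are constructed.

```python
from collections import defaultdict

HEADER_END = b"\r\n\r\n"   # blank line that terminates HTTP/1.1 request headers
PARTIAL = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-a: b\r\n"   # no terminator
COMPLETE = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

# Constructed snapshot of a server's open connections (times in seconds).
SAMPLE_CONNS = [
    {"id": i, "client": "203.0.113.7", "opened_at": 0.0, "received": PARTIAL}
    for i in range(1, 5)
] + [
    {"id": 5, "client": "192.0.2.20", "opened_at": 0.0, "received": COMPLETE},
    # A legitimate request that is simply still in flight.
    {"id": 6, "client": "192.0.2.21", "opened_at": 28.0, "received": PARTIAL},
]

def find_slow_header_clients(conns, now, header_deadline=10.0, max_stalled_per_ip=3):
    """Return (connection ids to close, client addresses to rate-limit)."""
    stalled = defaultdict(list)
    for conn in conns:
        headers_done = HEADER_END in conn["received"]
        age = now - conn["opened_at"]
        # A worker is tied up for as long as the headers stay unfinished, so the
        # deadline applies to the whole header block rather than to each byte
        # received: trickled header lines must not reset the clock.
        if not headers_done and age > header_deadline:
            stalled[conn["client"]].append(conn["id"])
    to_close = sorted(cid for ids in stalled.values() for cid in ids)
    flagged = sorted(ip for ip, ids in stalled.items()
                     if len(ids) >= max_stalled_per_ip)
    return to_close, flagged

if __name__ == "__main__":
    close_ids, clients = find_slow_header_clients(SAMPLE_CONNS, now=30.0)
    print("close:", close_ids, "rate-limit:", clients)
```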
Ordering a simple, small-scale DDoS attack can cost as little as $7, but the DDoS-as-a-service market offers far wider-ranging and more expensive options. Some services allow a customer to choose a specific attack scenario and combine different forms of attack depending on the victim’s own circumstances.
According to one report from cybersecurity researcher Denis Makrushin, ongoing attacks can cost around $20 per hour to conduct, with the provider further offering bonus points and hours in their own version of a loyalty scheme.
When delving into DDoS providers’ profit margins, compare this with the price of virtual servers: Amazon EC2 servers with next-to-no-configuration cost less than $0.007 per hour. 50 of these for a simple attack against an eCommerce store would only cost the cybercriminals around $0.325 for each hour of active attack.
Throw in some additional costs, like a burner SIM card to register the AWS account and a credit card attached to it, and the hourly cost of performing a simple DDoS attack can be as low as $4.
The motives behind DDoS attacks are varied, ranging from opportunistic business owners wanting to disrupt the competition’s services to hacktivists sending a message to organizations they disagree with.
Each group has its own budget and access to the resources required, but average figures pin the cost of today’s DDoS attacks to around $40,000 per hour. This figure takes into account the loss of server and app performance for customers and employees, but note that further costs also rapidly accrue: if sensitive data is stolen or contractual obligations are missed, the victim will face further punitive costs.
For larger organizations, attackers know that a slew of legal costs faces the victim, which is why extortion is a natural next step for many attack campaigns. Understanding that the victim likely doesn’t want the attack to continue, an attacker will ask for a price – often a small amount below the predicted price of a few days’ outage. This makes a DDoS attack even more profitable for attackers, and contributes significantly to the average total cost of an attack, which in the US is currently around $218k.
Attack mitigation can take several forms, but Perimeter 81’s ZTNA solution secures your most critical internal resources and segments resource access by role, device, and behaviors.
Get critical services off the public internet and away from opportunistic DDoS attackers, and better secure the ones that need to remain public-facing. By granting a single-pane-of-glass-view into your network’s behavior, it becomes possible to spot anomalies far faster.