Unable to log on to online games? Blame cheap-rate DDoSers

Running botnets-for-hire to mount DDoS attacks has become cheaper and easier than ever, according to a new research.

Imperva Incapsula reckons botnet-for-hire services might be acquired for for as little $19.99 per month, via underground forums and payable in Bitcoins. Short, single-vector attacks associated with botnet-for-hire services accounted for approximately 40 per cent of all network layer attacks during a research period that ran between March 1 through May 7, 2015.

Low-end DDoS attacks have long been associated with online gaming. Such "booter" (AKA stressor) services can be used to prevent rival gaming teams logging on to services. "Gamers can DDoS their own games to preserve their status," Tim Matthews, VP at Incapsula, told El Reg. "It's cheaper in some cases than buying virtual swords."

Steve Armstrong, managing director of security consultancy Logically Secure and former lead of the RAF's penetration and TEMPEST testing teams, agreed that DDoS attacks against online gaming platforms are a notable nuisance.

"DDoS is usually to prove a point or to object to some new aspect of the game to the owner or developer," Armstrong explained. "Sometimes they are just messing, but blackmail and other threats are not uncommon."

"The scale of DDoS goes from home Minecraft servers at the kid level to competition servers at the mid tier to the platform providers at the top. The Lizard Squad stressor was mainly booked for Minecraft attacks," he added.

The Lizard Squad are notable for running a series of heavy-duty attacks that knocked the XBox network offline just before Christmas last year, days before cynically launching a commercial DDoS-for-hire service. This service co-opted insecure home routers to generate floods of attack traffic.

Imperva further reports that, at the top end of the scale, DDoS attacks are beginning to resemble advanced persistent threats. This is evidenced by long durations, repetition and changing attack vectors between application layer and network layer attacks. A full run-down of Imperva's study on DDoS trends can be found in a blog post here. ®