Analyzing the economic impact of IP stresser attacks
IP stresser services operate by controlling a large number of compromised computers, routers, IoT devices, and servers, known as a botnet. Customers rent access to these botnets to launch DDoS attacks that flood targets with junk traffic, overloading their bandwidth and resources. The sheer volume of traffic from a large botnet can take down websites, web applications, gaming servers, and more. Stressers rely on a variety of DDoS attack types, including UDP floods, ACK floods, SYN floods, HTTPS floods, and more.
Attacks are launched on demand, against the targets and for the duration the customer chooses. Prices range from just a few dollars per hour to hundreds of dollars per month. The IP stresser business is almost entirely illegal. Federal law prohibits not just launching DDoS attacks but also providing DDoS-as-a-service. However, stresser operations are difficult to fully stamp out. Services hide behind Cloudflare, offshore hosting, cryptocurrency payments, and more.
Emergency mitigation expenses
Targets of a DDoS attack often have to quickly work with their internet providers, CDNs, and DDoS mitigation services to filter out attack traffic and restore availability. These services aren’t cheap, typically costing upwards of $3,000 per month. Emergency premium support during an active attack also incurs per-incident fees and additional charges.
Ransom extortion payments
Increasingly, DDoS botnets are used as extortion weapons. Criminal groups threaten companies that, unless they pay, DDoS attacks will bring down their websites and infrastructure. In these scenarios, any extortion payments made are an additional direct economic loss, and they further incentivize cybercrime. Not all companies give in to these ransom demands, but some see paying as the cheaper alternative.
Who is behind IP stresser services?
Given the anonymous nature of IP booter services, very little is known about the operators and groups behind most sites. Research from threat intelligence firm Flashpoint offers some insights:
- Motivations are primarily financial with most stressers operating as booter services for profit. Some ideological groups like hacktivists also launch free attacks. Political censorship circumvention is a smaller niche.
- Operators tend to have higher skills including coding, administering botnets, and procuring infrastructure – reflecting their more entrepreneurial criminal nature compared to end-users renting attacks.
- Businesses are unstable with frequent service shutdowns and re-brands to evade authorities. New operators frequently try to fill any gaps left in the market by law enforcement actions. Competition remains high, which keeps stresser prices relatively low.
IP stresser use in cyber extortion campaigns
Increasingly, stressers are used as key weapons to extort organizations by threatening the business impact of DDoS attacks. By 2015, over 25% of cyber extortion campaigns involved DDoS threats, according to Verisign, with the majority of perpetrators linked to Eastern European organized cybercrime gangs. Ransom demands in these extortion campaigns reach into the hundreds of thousands of dollars, likely recouping the costs paid to stressers many times over. Criminal groups exploit DDoS attack fears by researching their targets, crafting customized ransom notes, and providing samples of the havoc bandwidth floods could unleash on companies. Stressers thus directly enable bigger cybercrimes that inflict heavy economic damage through extortion. Combined with effective security incident planning, organizations also minimize business disruption and monetary damages inflicted by the economic menace of IP stressers.