Kaspersky Lab published an analysis on the cost of a DDoS attack and services available in the black markets


Kaspersky Lab has published an analysis on the cost of DDoS attacks that 
 estimated that a managed attack service typically goes for $25 an hour:

“This means the actual cost of an attack using a botnet of 1000 workstations can amount to $7 per hour. The asking prices for the services we managed to find were, on average, $25 per hour, meaning the cybercriminals organizing DDoS attack are making a profit of about $18 for every hour of an attack.”


The offered services are various:

The price includes implementation of the following rather trivial scenarios:

SYN-flood;

UDP-flood;

NTP-amplification;

Multi-vector amplification (several amplification scenarios simultaneously).

“The price may change if the resource has political status” reads a resource promoting DDoS attacks

Rates for DDoS

The special features emphasized in the adverts for DDoS services can give a particular service an advantage over its competitors and sway the customer’s choice:

  1. The target and its characteristics. A cybercriminal that agrees to attack a government resource will attract customers who are interested in this particular service. The attacker can ask for more money for this type of service than they would for an attack on an online store. The cost of the service may also depend on the type of anti-DDoS protection the potential victim has: if the target uses traffic filtering systems to protect its resources, the cybercriminals have to come up with ways of bypassing them to ensure an effective attack, and this also means an increase in the price.
  2. Attack sources and their characteristics. This factor can determine the price the attackers ask for conducting their attacks. The cheaper it is for a criminal to maintain a botnet (defined, for example, by the average cost of infecting a device and including it in a botnet), the more likely they are to ask for bargain-basement prices for their services. For example, a botnet of 1000 surveillance cameras may be cheaper in terms of organization than a botnet of 100 servers. This is because cameras and other IoT devices are currently less secure — a fact that is often ignored by their owners.
  3. Attack scenario. Requests for atypical DDoS attacks (for example, the customer may ask the botnet owner to alternate between different methods of DDoS attacks within a short period of time or implement several methods simultaneously) can increase costs.
  4. The average cost of a DDoS attack as a service in a particular country. Competition can cause cybercriminals to raise or lower the cost of their services. They also try to take into consideration the ability of their audience to pay and devise their pricing policy accordingly (for example, a DDoS attack will cost US customers more than a similar offer in Russia).

I highly recommend you read the article on the Kaspersky Lab blog:

[embed]https://securelist.com/analysis/publications/77784/the-cost-of-launching-a-ddos-attack/[/embed]