DoS extortion is no longer profitable
In the last six months of 2006 we saw a pretty sharp decline in thedaily number of denial of service attacks. Although there are likely anumber of factors at play here, I think there is one primary factor:denial of service extortion attacks are no longer profitable.
DoS extortion attacks are usually carried out by a bot-networkowner. Using their bots, the extortionsist has to make a successful DoSattack against a target organization. Following that they have to issuethe extortion request and hope the target organization pays it.
The thing is that DoS attacks are loud and risky. Whenever abot-network owner carries out a denial of service attack they run therisk of losing some of their bots. This could happen either because anattacking computer is identified and disinfected, or if it is simplyblocked by its ISP from accessing the network. Furthermore, if thebot-network owner isn’t careful they could lose their entire botnetwork if their command and control server is identified. Since a DoSextortionist has to carry out at least one successful DoS attack beforethey can even demand their pay, they run some serious overhead risks.
So what happens if the target of the attack refuses to pay? The DoSextortionist is obligated to carry out a prolonged DoS attack againstthem to follow through on their threats. For a DoS extortionist this isthe worst scenario because they have to risk their bot network fornothing at all. Since the target has refused to pay, it is likely thatthey will never pay. As a consequence, the attacker has to spend timeand resources on a lost cause.
It is likely that bot network owners are now moving away from DoSextortion and towards more lucrative ventures like spam. Notsurprisingly, we saw a noted increase in spam volumes in the last sixmonths of 2006.