DDoS no longer profitable?
A report from Symantec claims that DDoS attacks are declining because they are no longer profitable. Symantec argues that it costs a lot to keep a DDoS attack going, if the target refuses to pay up the cost continues indefinitely.
I suspect that there is another element at play here. The operator of a traditional extortion racket provides a guarantee of protection against attacks by other criminal gangs. The cyber-extortionist only promises to stop their own attack. Paying off the extortionist is expensive and provides no guarantee of service. Paying for a DDoS protection service might cost more than paying off the first attacker but certainly less than paying off the nth attacker.
Another relative weakness of the cyber-extortionist is that an economic threat is much less powerful than threats of violence. The business targeted by a cyber-extortionist is much more likely to respond by contacting the police. When a DDoS extortion gang targeted UK bookmakers Ladbrokes and William Hill they promptly called Scotland Yard, when the crooks accomplices appeared to collect the wire transfers they were immediately arrested [BBC].
