Last week, I was doing research in the DarkNet marketplaces to keep on top of the current trends in the threat landscape. One of the advertisements that struck me as typical was an advertisement for a DDoS botnet for rent. It wasn’t that there was a botnet for rent, as those are everywhere. It was the Listing Details that put together a value proposition for attacking somebody that caught my eye. It says:
“Another advantage of the DDOS attack that you probably don’t know is the loss of Google Organic Ranking. Google really don’t like unreachable URLs or slow website. As soon as they find a decrease of availability or speed, your target will be temporary removed from results and then it will lose his Google ranking. Two weeks after a four days DDOS attack, I have seen a website going from first page to third page.”
Most online commerce sites spend a tremendous amount of money getting to the first page in search. Organic Search results are the result of SEO efforts and quality of their website. Search Engine Optimization is done through a variety of website structure best practices and offsite traffic-building techniques. These techniques are both visible (content tweaks and changes) and non-visible (website code changes such as the meta description) to the visitor. AdWords are paid advertisements to be on the first page of search. Both have costs associated with them and most companies do a blend of both in their marketing budget.
A number of years ago, I worked with a company in the U.S. who had issues with competitors “scraping” their site for prices. This was the typical data harvesting operation to change prices and compete with their online marketing campaigns to gain the upper hand. When we helped them to identify and remove these competitors from their site, the traffic to their site immediately was reduced by 66% and their page speed and load times reduced by 50%, effectively doubling their page speed. As a result of this, their organic search ranking increased within a couple of months, and they enjoyed the benefits. A year later, we asked them about their online business, and it had grown exponentially and was competing with their physical stores for sales.
Now, what if somebody decides to use this knowledge to run DDoS attacks against their competitors? Can it lower their organic search rankings if the site is slow and or offline? Google has been putting more focus on page speed and page load times especially with mobile devices. If your pages aren’t loading quickly, then that can negatively impact rankings because the site overall has a poor user experience. User experience has become very important for engagement, and search engines are always working to keep their existing users.
One of the things we know already as of today is that bots and scrapers account for over 50% of page visitors to most web sites. This already puts a burden on servers and page load times. If your organization were paying over $100,000 a year in SEO and web-based marketing (or more), would you respond to a ransom letter threatening to DDoS your website for two weeks if you didn’t pay the ransom? What would it cost you if you went from first page in search to the third or fourth page? What would the impact be to your marketing efforts and SEO efforts if a single DDoS attack could take you backwards 2-3 years?
With ransom attacks becoming the leader in the motivation behind DDoS attacks, the criminals are seeing the increase in profits today:
Competition accounts for 26% of these attacks. It could be said that over 50% of the time, attackers are either competitors or somebody who would profit from your losses. You could ask companies who have been attacked, “what was the end result of the attack?” “Did it slow down the site?” “Did it cause a longer term latency to the page?” “Did it cause legitimate users to go away and cause lack of sales?”
With this advertisement on the DarkNet showing the value proposition of renting the botnet, is this something we will begin to see more of in 2017? Our prediction is that marketing departments are going to start seeing ransom letters proposing this loss, and not just the IT departments anymore.