via Symantec: DoS extortion is no longer profitable
In the last six months of 2006 we saw a pretty sharp decline in the daily number of denial of service attacks. Although there are likely a number of factors at play here, I think there is one primary factor: denial of service extortion attacks are no longer profitable.DoS extortion attacks are usually carried out by a bot-network owner. Using their bots, the extortionsist has to make a successful DoS attack against a target organization. Following that they have to issue the extortion request and hope the target organization pays it.
Statistics like DDoS volumes and motivations are difficult to accurately obtain, but this makes intuitive sense really. There are other, stealthier ways of making money out there. DDoS extortion involves an investment of time to negotiate with the victim and carefully monitor the attack, and leaves the attacker more vulnerable to profiling and tracing. As the Symantec post also points out, political and retribution attacks won’t be going anywhere, which also lines up with recent experience.
