DDoS attacks are more than disruptions to service

While security teams are distracted by DDoS attacks, hackers are infiltrating networks with malware.

Distributed denial-of-service attacks have increased in complexity so that they are no longer just an annoyance causing a disruption in service. Criminals are using these attacks as a distraction while targeting sensitive data, leaving enterprises to pay for lost business and breach recovery.

Any conversation that involved breaches this year included the statement, “It’s not if but when.” The expectation has become, as IDC’s Christina Richmond, program director, security services, said, “Breach is a foregone conclusion.”

For many companies, the attacks are frequent and more advanced. Richmond said, "Distributed-denial-of-service attacks are no longer an isolated event. Sophisticated attacks hit companies of all sizes, in all industries.”

According to a recent report from Neustar, the odds of getting attacked are one in two, but once an enterprise has been attacked, the likelihood that they will be attacked again is 80 percent. The report also talked about the new trends in both the size and frequency of DDoS attacks.  

“If the attacker’s goal isn’t to cause an outage but to disrupt, he doesn’t need to craft an attack of extra-large proportions. A SYN Flood attack is a good example. The attacker sends enough SYN requests to a company’s system to consume server resources and stall legitimate traffic,” the report said.

The method of attacks have changed in complexity and variability. Attackers don’t launch a single attack but rather send out waves and multiple vectors. “They may launch an email attack or attack an application or a server. They may launch multiple attacks in different vectors, coming from different places and attacking different targets,” said Joe Loveless, senior security manager, Neustar.  

Larger attacks are easier to detect and mitigate, but these smaller, frequent attacks result in more significant damage, Loveless said. “They create chaos but still leave access open somewhere else,” he continued. The result, according to Neustar’s report is that one in four companies experience an actual theft of data or funds.

Another growing trend in DDoS is ransom. “Extortion is becoming more common, and companies are paying ransom to avoid being attacked but they are getting attacked anyway,” Loveless said.

These attacks are particularly concerning because of the attacker’s stealthy ability to infiltrate the security environment during a disruption. Once they have access, they take a slow and steady approach and often go undetected until they have reached their target: valuable corporate data or funds.

Joe Loveless, senior security manager, Neustar

“IDC believes that the customer is often the first to report a DDoS attack because their user experience suffers when they can't access a web site to buy a product, pay a bill, or find support,” Richmond said. The result is not only a financial loss, but a strike against brand and reputation.  

According to Dave Larson COO, Corero Network Security, “A number of things are going on in the landscape and it’s hard to say whether these are rapidly changing or we are just starting to see them.”

Denying service, which seems like it would have to be a big giant attack, is actually the result of something much smaller. “Almost 72% of attacks last less than five minutes and 93% are less than 1GB per second in capacity,” said Larson.

The attacks, though, are not about denying service. Larson said, “These aren’t just randomly occurring. People are orchestrating them, and they have to be doing this for a reason. We are starting to see material data breaches that included DDoS attacks as part of a multi vector intrusion.”

These smoke screen style attacks have significant impact on an enterprise because by design, they are distracting, which leaves security professionals looking in all the wrong places. “DDoS itself isn’t creating the data compromise, but if it is causing you to look in the wrong place, you could be one of the very many organizations that have already been breached and you don’t know it,” said Larson.

Constantly monitoring the environment to make sure that no unknown traffic is crawling around in the network will help to prevent a data compromise after a DDoS attack. Larson said, “You can imagine that more down in the weeds the impact could be that your environment is being scanned and crawled and floor planned. The bad guys are figuring out what they need to gain access.”

The cost of recovering from an attack is significant, particularly for small and midsize businesses. In a special report on security risks, Kaspersky Labs noted, “On average, a DDoS attack costs SMBs more than $50K in recovery bills, which is significantly more than the typical costs they face recovering from other types of attack.”

For some reason, though, companies still aren’t convinced that investing in security against DDoS attacks is money well spent. The Kaspersky Labs survey found that only around half of respondents (56% of IT professionals) believe that spending money to prevent or mitigate an attack would be worth the investment.

Evgeny Vigovsky, head of Kaspersky DDoS Protection at Kaspersky Labs said, “Protection from DDoS attacks is an important part of risk management, yet only 34% of survey respondents have fully implemented DDoS prevention systems of any type.”

There are many factors to consider in evaluating risks for enterprises, from dependence on online services to other resources. “In most cases, online services--websites, emails, databases--are critical. Without them, normal workflow stops,” said Vigovsky.

“Costs associated with failed online services are bigger than expenses for prevention solutions, but unfortunately, there are still companies that do not include DDoS attacks in their risk management strategy,” Vigovsky continued.

The risks of not investing in DDoS prevention and protection are more than monetary. “When a company has to mitigate an attack that is taking place instead of preventing an attack from occurring, then they will pay a steep price for not only lost business contracts and damaged reputation, but also for an urgent solution too,” said Vigovsky.

Echoing the need for prevention and protection, Larson said, “All reasonably likely to be attacked environments should have DDoS defense on the perimeter.”

One measure enterprises should take to build a culture that prioritizes security and prepares for the inevitable of an attack is, “Simulating worst-case scenarios in order to create a corresponding cybersecurity strategy,” said Vigovsky.

Enterprises can take steps toward making security a central concern for all. “A comprehensive strategy should include a combination of IT solutions, security policies and prepared staff to help prevent cyberattacks,” Vigovsky said.

Richmond said, “IDC believes that security needs to move toward being a positive contributor to the business. Security in and of and for and by itself no longer works.” Shifting the corporate culture to one that centralizes a concern for security must be a priority enterprises.

In order to effectively make that change, executives have to buy in to an inclusive plan that is well designed and focused on cross communication. DDoS attacks impact more than security, and everyone from marketing to public relations shares an interest in preventing these attacks and minimizing their impact.

Join the CSO newsletter!

Error: Please check your email address.

Tags ddos

More about CSOKasperskyRichmond

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kacy Zurkus

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts