Low-level persistent DDoS masks the real attack, warns report
Cybercriminals are using low-level DDoS attacks to mask malware injections, according to a report from information security services firm Neustar.
Half of the 800 executives surveyed for the report, titled North America and EMEA: The Continual Threat to Digital Brands for 2015, said they had suffered a DDoS attack in 2014 and early 2015, of which 80 per cent said they had suffered multiple attacks.
While 60 per cent of DDoS attacks still use heavy traffic to try and knock websites offline, 40 per cent are relatively small, at less than 5 Gbps, according to the report.
A total 36 per cent of executives surveyed said that, following a DDoS attack, they found malware installed in their systems. In the financial services sector, this rose to 54 per cent experiencing a DDoS of 4Gbps or less in strength and 43 per cent of all DDoS attacks leaving behind malware.
The results also show that companies in EMEA seem to be at greater risk both of DDoS attacks and subsequent malware injections. Of the almost 300 EMEA executives surveyes, 80 per cent said they had suffered a DDoS attack, of which 92 per cent reported a coinciding breach. Of that 92 per cent, two thirds experienced theft.
“These results really point to targeted attacks targeting a specific organisation for a specific purpose,” Margee Abrams, director of security services product marketing at Neustar told IT Pro.
Abrams said this also represents a particular, and recent, change of tactics.
“At the beginning of 2014, when we first did the report, we saw larger volumes of data in DDoS attacks and they would take the devices offline. Now what we’re seeing is, with these smaller volumes, they can keep the devices online so that they can do other things – they don’t want to totally saturate the device,” she said.
Mitigating an attack involves more than just the IT team as well, now.
“When a DDoS attack occurs, everyone, including the communications, marketing, risk and compliance teams are all mobilised, as well as IT, to mitigate it,” said Abrams. This is, potentially, in recognition of the brand damage an attack of this kind can do.
Businesses are continuing to fight back against the attackers at a technical level as well, though, with 73 per cent of those surveyed saying they are investing more in DDoS-specific protection and 46 per cent in hybrid technologies and counter-measures, which use both on-premise and cloud-based DDoS mitigation technologies to overcome attacks.