Distributed Denial of Service (DDoS) attacks are seeing more and more use as a smokescreen to divert security professionals away from the real mission – stealing data, a new report said.
Close to half of the organizations that reported suffering a DDoS or a breach last year also had malware installed or activated on their systems, according to Real-time information and analytics provider Neustar in its “DDoS Attacks and Impacts Report.” On top of that, 55 percent of those targeted with DDoS attacks had funds, customer data or intellectual property stolen. The study had responses from 450 companies in North America, representing various industries.
“When there’s a tremendous storm, you run around your house making sure all the windows are closed and you’ve got the flashlights ready,” said Rodney Joffe, senior vice president and senior technologist at Neustar. “You’re not worried about anything else. DDoS attacks are similar. They create an all-hands-on-deck mentality, which is understandable but sometimes dangerous.”
The study also shows 90 percent of the targeted companies suffered repeated attacks. As far as the number of attacks go, large ones have almost tripled. More precisely, the number of cyber attacks between 1 and 5 Gbps in size has increased by 150 percent.
In 2013, the number of attacks that required over 10 people to mitigate doubled compared to the previous year.
When it comes to costs, 40 percent of attacked organizations estimated suffering losses of over $1 million per day. Over half of the costs of DDoS attacks ended up absorbed by non-IT departments, particularly customer support.
While most companies have some sort of DDoS protection system in place, most of them still rely on traditional solutions, including switches and firewalls.
“DDoS attacks create an ‘all hands on deck’ mentality, and the potential for damage is high as criminals take advantage of the distraction to grab and clone private data to tap into funds, intellectual property and more,” Joffe said.
Click here for the complete Neustar 2014 “DDoS Attacks and Impacts Report.”