Distributed denial-of-service attacks have increased in complexity so that they are no longer just an annoyance causing a disruption in service. Criminals are using these attacks as a distraction while targeting sensitive data, leaving enterprises to pay for lost business and breach recovery.
Any conversation that involved breaches this year included the statement, “It’s not if but when.” The expectation has become, as IDC’s Christina Richmond, program director, security services, said, “Breach is a foregone conclusion.”
For many companies, the attacks are frequent and more advanced. Richmond said, "Distributed-denial-of-service attacks are no longer an isolated event. Sophisticated attacks hit companies of all sizes, in all industries.”
According to a recent report from Neustar, the odds of getting attacked are one in two, but once an enterprise has been attacked, the likelihood that they will be attacked again is 80 percent. The report also talked about the new trends in both the size and frequency of DDoS attacks.
“If the attacker’s goal isn’t to cause an outage but to disrupt, he doesn’t need to craft an attack of extra-large proportions. A SYN Flood attack is a good example. The attacker sends enough SYN requests to a company’s system to consume server resources and stall legitimate traffic,” the report said.
The method of attacks have changed in complexity and variability. Attackers don’t launch a single attack but rather send out waves and multiple vectors. “They may launch an email attack or attack an application or a server. They may launch multiple attacks in different vectors, coming from different places and attacking different targets,” said Joe Loveless, senior security manager, Neustar.
Larger attacks are easier to detect and mitigate, but these smaller, frequent attacks result in more significant damage, Loveless said. “They create chaos but still leave access open somewhere else,” he continued. The result, according to Neustar’s report is that one in four companies experience an actual theft of data or funds.
Another growing trend in DDoS is ransom. “Extortion is becoming more common, and companies are paying ransom to avoid being attacked but they are getting attacked anyway,” Loveless said.
These attacks are particularly concerning because of the attacker’s stealthy ability to infiltrate the security environment during a disruption. Once they have access, they take a slow and steady approach and often go undetected until they have reached their target: valuable corporate data or funds.
“IDC believes that the customer is often the first to report a DDoS attack because their user experience suffers when they can't access a web site to buy a product, pay a bill, or find support,” Richmond said. The result is not only a financial loss, but a strike against brand and reputation.
Sign up for CIO Asia eNewsletters.