Companies Know DDoS Attackers

Tuesday, December 15, 2015 @ 03:12 PM gHale

Distributed denial of service (DDoS) attacks are a growing method of attack and it appears more light is shining on who is actually leading the assault.

Almost half of those hit by DDoS attacks said they know the identity of attackers, said a report from Kaspersky Lab.

Cyber Fraud, Inside Threat Growing
More IoT Vulnerabilities Discovered
Connected ‘Things’ Continues to Grow
Attack Vector: Smart Coffee Makers

Over 5,500 companies in 26 countries around the world took part in the survey, which found 48 percent of targeted companies believe they can identify attackers and their motivation, according to the report conducted by Kaspersky Lab and B2B International. The report found 12 percent of respondents believe their competitors are behind DDoS attacks.

Organizations in the business services industry look at competitors when they suffer attacks, with 38 percent saying rival companies paid for DDoS attacks. Overall, however, criminals looking to disrupt a company’s operations make up 28 percent of the suspects.

Companies also said 18 percent of DDoS attacks come from criminals seeking to disrupt or distract while another attack takes place. In addition, 17 percent of attacks come from criminals seeking to disrupt their services for a ransom. Political activists made 11 percent of threats, while governments or state powers account for 5 percent of attacks, the survey said.

When asked about the motivation behind an attack, respondents in the manufacturing and telecoms industries cited ransom as the most popular reason, at 27 percent. Telecoms, financial services and IT are the top three industries most likely to suffer from a DDoS attack, the survey said.

The respondents also revealed 50 percent of the attacks led to a noticeable disruption of service, while 24 percent of attacks resulted in services being completely unavailable. The report also found 74 percent of DDoS attacks that lead to a noticeable disruption of service coincided with a different type of security incident, such as a malware attack, network intrusion or other type of attack.

According to the report, 26 percent of the attacks lead to loss of sensitive data, while 31 percent of attacks resulted in the loss of non-sensitive business data. 47 percent of respondents said their business’ public website became unresponsive during a DDoS attack, while customer portal or login area ended up affected in 38 percent of attacks. 37 percent of respondents cited issues with communications services during an attack.

On average, enterprises admitted to losing $417,000 as a result of a DDoS attack, while small and medium businesses said their losses amounted to an average of $53,000.

“DDoS attacks are no longer just about cybercriminals seeking to halt a company’s operations. Businesses are becoming suspicious of each other and there is a real concern that many companies — including small and medium-sized ones — are being affected by the underhand tactics of their competitors, who are commissioning DDoS attacks directly against them, damaging their operations and reputation,” said Evgeny Vigovsky, head of Kaspersky DDoS Protection.

Click here to download the report.