DDoS Attack as a Diversion
Monday, September 21, 2015 @ 05:09 PM gHale
It is a classic attack method: Cause a distraction in one area and then hit the victim in another area while everyone reacts to the first attack.
When it comes to distributed denial-of-service (DDoS) attacks, that appears to be the issue as 75 percent of the time those assaults end up accompanied by another security incident, according to a report from Kaspersky Lab.
Those other attacks may or may not originate from the same party, but they can go undetected if the IT staff totally focuses on defending against the DDoS, said Evgeny Vigovsky, head of Kaspersky DDoS Protection.
“In many cases, it may be a coordinated effort, but even if these attacks originate from different sources, IT staff have to allocate resources to solve two problems at the same time, under a lot of stress,” Vigovsky said in a published report. Kaspersky polled top managers and IT professionals at 5,500 companies in 26 countries about their experiences with DDoS attacks.
While attackers do use DDoS as a smokescreen to hide data-stealing or network-damaging attempts, it’s difficult to attribute them for sure, Vigovsky said. But even if they are unrelated, the fact that they arrive simultaneously – even by chance – a high percentage of the time means security staff should make sure their DDoS-mitigation plan includes resources to look for other incursions.
Half the time DDoS attacks go unnoticed by end users, but about a quarter of the time they completely shut down services, the survey said.
About a quarter of attacks result in loss of data, possibly carried out by accompanying attacks, he said. The incidence of DDoS attacks lags behind malware, phishing and network intrusions, the survey said.
The No.1 target of DDoS is corporate Web sites, with customer portals/logins coming in second (38 percent) and communications services coming in a close third (37 percent). Manufacturing energy/utilities, and government end up tied for fourth at 18 percent apiece.