DDoS Attacks: Small, but Repeated

Monday, September 21, 2015 @ 06:09 PM gHale

Attackers launching distributed denial of service (DDoS) attacks are changing tactics, using smaller but more frequently repeated attacks to distract firms’ security teams while malware is installed to steal important information.

Around 40 percent of attacks are relatively small, at less than 5 Gbps. Attacks designed to take websites offline are available for hire from hacker groups for as little as $5.92 a month, said researchers from Neustar.

In the wake of online attacks, 36 percent of executives surveyed discovered malware installed in their systems and 25 percent revealed stolen data or funds.

In the financial services sector the results were even more damaging: 54 percent of attacks were less than 5 Gbps in strength, but 43 percent of all attacks left malware or viruses behind.

Headline findings from the research include:
• DDoS attacks moved from singular to repeated attack patterns. Half of all surveyed companies suffered a DDoS attack in 2014 and early 2015, with more than 4 out of 5 of those suffering numerous attacks over the period and 54 percent of companies hit at least six times
• The duration of DDoS attacks is increasing and causing a sustained threat to businesses’ profitability and brand reputation – more than 4 out of every 10 attacks last longer than an entire day, with 10 percent lasting around a week
• In the EMEA region, 40 percent of companies’ losses due to a DDoS attack during peak hours would be greater than $111,839 (€100,000) per hour of downtime
• 90 percent of the executives and professionals surveyed viewed the threat from DDoS attacks as being greater than or equal to that of last year, with concern focusing on the need to protect against data breaches

“If the attacker’s goal isn’t to cause an outage but to disrupt, he doesn’t need to craft an attack of extra-large proportions,” said Mark Tonnesen, CIO and CSO for Neustar. “A SYN Flood attack is a good example. The attacker sends enough SYN requests to a company’s system to consume server resources and stall legitimate traffic. It’s a kind of ‘low and slow’ DDoS attack—steady and problematic, though not tsunami-like.”

“In launching such an attack, the attacker accomplishes several things: He disrupts operations, distracts the website and security teams, and makes sure the target network is still operational—that is to say, accessible,” he said. “Now the attacker can go in and plant malware or a virus, setting the stage for data theft, siphoning funds, or whatever else.

“Think about it, why saturate the pipes if you can’t access the network? Doing the reverse lets attackers harass a target and set the stage for exfiltration. In this sense, a so-called smaller attack can be more dangerous than a huge one that knocks you offline but may not result in a data breach,” Tonnesen said.

The changing nature of DDoS threats and the rising cost of failing to prepare properly are driving businesses to take steps to mitigate this risk. More than half of all the executives surveyed had over six staff members dedicated to IT security and DDoS protection, with 55 percent of businesses investing more in DDoS security than last year.

The report received responses from almost 800 executives and professionals from the United Kingdom, Europe, the Middle East, Africa and the U.S. in the financial, retail and technology sectors, among others.