A DDoS (Distributed Denial of Service) attacsk can last for days, or even weeks- but its consequences can be even more far reaching. A new survey by security firm Kaspersky Lab and market research organisation B2B International has found that, in most cases, a Distributed Denial of Service (DDoS) attack is only the tip the iceberg.
As much as 74% of respondents representing the corporate sector reported that DDoS attacks against their companies coincided with other IT security incidents, such as malware or corporate network intrusions. Sometimes these are not coincidences, but deliberate attempts to distract IT personnel – an approach has been called DDoS smokescreening.
> See also: 10 steps to mitigate a DDoS attack in real-time
Data leaks were simultaneously connected with an attack in 26% of cases, while 45% saw malware incidents, and 32% of DDoS attacks also saw corporate network intrusions.
Of the industries worst affected, construction and engineering companies encountered the problem more than others; respondents from these sectors said that 89% of DDoS attacks on these companies coincided with other types of attacks.
Even without taking collatoral damage into account, DDoS attacks alone remain a major threat to business continuity and reputation – in 24% of all cases a DDoS attacks caused services outages, and in 34% of cases transactions failed. This figure has risen substantially from just a year ago when only 13% of companies reported their services becoming completely unavailable due to DDoS attacks.
> See also: Protests or profiteering – the hack remains the same
'It is natural that DDoS attacks are increasingly causing companies problems,' said Evgeny Vigovsky, head of Kaspersky 's DDoS protection arm.
'The methods and techniques used by criminals are evolving, with attackers looking for new ways of ‘freezing’ their victims’ operations or masking intrusion into their systems. Even with a large staff of IT professionals it is almost impossible for companies to handle a serious DDoS attack and recover their services on their own.'
'Moreover, if other malicious activity is going on at the same time, this multiplies the damage. The most dangerous part is that companies may never learn they were subjected to DDoS smokescreening.'
Kaspersky Labs advises that the best countermeasure against multi-vector attacks is a comprehensive protection solution that provides security against malware, intrusions and DDoS attacks all at the same time.