New study warns of rising smokescreening practice in cyberattacks
The top takeaway of a new study suggests that more and more frequently, distributed denial of service (DDoS) attacks are being used as a smokescreen, distracting organizations while malware or viruses are injected to steal money, data, or intellectual property.
The white paper, the 2014 Neustar Annual DDoS Attacks and Impact Report: A Neustar High-Tech Brief, reveals insights into this trend based on a survey of 440 North American companies, comparing DDoS findings from 2013 to 2012.
Over the last year, the study found, DDoS attacks evolved in strategy and tactics. More than half of attacked companies also reported theft of funds, data, or intellectual property. These cyber-attacks are intense but quick, more surgical in nature than sustained strikes whose goal is to extend downtime.
This year’s survey also demonstrated that the landscape of DDoS attacks is changing. The number of attacks is up, but attack duration is down, meaning that attacks are becoming more intense and harder to catch. Larger attacks are more common, but most attacks are still less than 1 Gbps. Although companies report a greater financial risk during a DDoS outage, most still rely on traditional defenses like firewalls, rather than purpose-built solutions like DDoS mitigation hardware or cloud services.
Among the study’s other findings:
The conclusion of the report is that there is a trend towards shorter DDoS attacks, but also more attacks from 1 to 5 Gbps — quicker, more concentrated strikes that suggest a growing presence of a highly damaging tactic called DDoS smokescreening.
Smokescreening distracts IT and security teams with a DDoS attack, allowing criminals to grab and clone private data to siphon off funds, intellectual property, and other information. In one case, thieves used DDoS to steal bank customers’ credentials and drain $9 million from ATMs in just 48 hours. Such crimes have caused the FDIC to warn about DDoS as a diversionary tactic.
The study urges businesses to watch for the warning signs, including shorter, more intense attacks with no extortion or policy demands. It also counsels them to follow best practices: not assigning all resources to DDoS mitigation but dedicating some staff to monitoring entry systems during attacks, making sure everything is patched with up-to-date security, and establishing dedicated DDoS protection.
Rodney Joffe, Neustar senior VP and senior technologist, notes, “The stakes are much higher. If you’re a criminal, why mess around with extortion when you can just go ahead and steal — and on a much greater scale?”