Kaspersky: DDoS Often Smokescreen For Phishing Attack

Stu Sjouwerman | Dec 4, 2016

Distributed denial of service attacks, also known as DDoS, are becoming a major threat. They can bring websites and networks down, and generally make a lot of noise demanding attention.

And according to a new Kaspersky Lab report, that is exactly what hackers are using them for.

The strategy is that while businesses are preoccupied with handling DDoS attacks, cybercriminals and hackers use the opportunity to run another, more targeted type of attack, such as spear phishing, in the background. The conclusion comes in Kaspersky Lab’s report, which polled businesses about their cybersecurity experiences.

More than half (56 percent) say DDoS is being used to cover something else.

As Kirill Ilganaev, head of Kaspersky DDoS Protection, put it:

“DDoS prevents a company from continuing its normal activities by putting either public or internal services on hold. This is a real problem to businesses and it is often ‘all hands on deck’ in the IT team to try and fix the problem quickly so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.”

Getting back to the report, it surveyed businesses about their cybersecurity experiences. In 29% of the attacks, DDoS was only used as part of the tactics. Another quarter of the companies surveyed, 26%, said that when they lost data due to a targeted attack, they were also hit by DDoS.

The usual tactics include social engineering employees through their mobile devices, phishing scams, or even malicious activity from insiders.

Ilganaev continued: “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape and prepared to deal with multiple types of criminal activity at any one time.”

“Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.” 

What to do about it: 

The moment your organization is on the receiving end of a DDoS attack, start watching your back like a hawk. We recommend immediately kicking off a security awareness training campaign with the new Danger Zone Exercise Micro-module (scroll down to the end).

This 5-minute micro-module is an interactive course all about phishing. There are four scenarios where the learner is asked to spot the potential threat. Each scenario provides valuable feedback based on the learner's responses. There are two versions of this module, one with sound and one without.

Get a demo and see how this would work in your own environment.

Don't like to click on redirected buttons? Copy & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo

Source: http://www.itproportal.com/news/ddos-often-used-as-a-diversion-tactic/
