Subscribe

DDOS 'smoke-screening' on the rise

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 14 Oct 2015
Companies report DDOS attacks against them coincided with other IT security incidents.
Companies report DDOS attacks against them coincided with other IT security incidents.

Cyber criminals have now turned to distributed denial-of-service (DDOS) 'smoke-screening'.

A global survey published by Kaspersky Lab yesterday shows that, in most cases, a DDOS attack is only the tip of the iceberg, as 74% of respondents representing the corporate sector reported DDOS attacks against their companies coincided with other IT security incidents.

Sometimes these are not coincidences, but deliberate attempts to distract IT personnel, says Kaspersky Lab, noting this approach has been called DDOS 'smoke-screening'.

However, Evgeny Vigovsky, head of Kaspersky DDOS protection, says in a survey conducted in May, South African respondents most often cited malware at 22%, hacking at 22% and DDOS at 3%. "So, while DDOS attacks are not high in South Africa, they are still prevalent and dangerous."

Kaspersky Lab notes that globally, DDOS attacks often coincide with malware incidents (in 45% of all cases), and corporate network intrusions (in 32% of all cases).

Even without taking collateral damage into account, Vigovsky says DDOS attacks remain a serious problem that increasingly affects company resources.

Specifically, he explains, in 24% of all cases a DDOS attack caused services to be completely unavailable (39% for government-owned companies). In 34% of all cases, some transactions failed due to such attacks (64% for transport companies).

Last year, these figures were significantly lower: only 13% of companies reported their services had become completely unavailable due to DDOS attacks, while errors in transactions were experienced by 29% of companies as a result of such attacks.

Significantly longer page loading times remained one of the most common consequences of DDOS attacks (53% this year versus 52% last year); however, according to the survey, attacks can last for days or even weeks.

"It is natural that DDOS attacks are increasingly causing companies problems. The methods and techniques used by criminals are evolving, with attackers looking for new ways of 'freezing' their victims' operations or masking intrusion into their systems," says Vigovsky.

"Even with a large staff of IT professionals, it is almost impossible for companies to handle a serious DDOS attack and recover their services on their own. Moreover, if other malicious activity is going on at the same time, this multiplies the damage. The most dangerous part is that companies may never learn they were subjected to DDOS smoke-screening."

Vigovsky points out that cyber criminals and hackers are using a number of different techniques to implement DDOS attacks that disable or overload the target business's IT infrastructure. These include volumetric attacks. "These attacks are increasingly common. By generating traffic levels that exceed the target business' available bandwidth, the attack saturates the capacity of the victim's corporate Internet connection - and that disables or delays all online activities."

The other technique is application layer attacks, whereby the attackers try to crash the servers that are running vital applications - such as the Web servers that the victim's online presence depends on.

The cyber criminals also deploy attacks that aim to disable network equipment and/or server operating systems that can totally halt the operation of key business processes. They also launch complex attacks that combine several methods - including volumetric, application layer and infrastructure attack techniques, Vigovsky adds.

As such, he believes, every business needs to have an anti-DDOS strategy. "Having an integrated DDOS attack protection and mitigation solution that takes care of every stage becomes critical to defend your business."

Share