It only takes once: DDoS attacks succeed even as some attack rates fall


One of our most popular aphorisms has a flip side. Namely, for every silver lining, there may well be a dark cloud lurking. Sadly, this more sobering perspective seems to be warranted when it comes to some recent cyber attack statistics that, on the surface, may seem somewhat encouraging.

First, a quick reminder. It was only about a year ago, in the fall of 2016, that several major distributed denial of service (DDoS) attacks hit the front pages. They included the first truly large Internet-of-Things-based attacks, which marshalled hundreds of thousands of poorly secured IoT devices to overwhelm targeted sites with massive traffic volumes.

By comparison – and in a surprise to many – DDoS attacks seem to have eased back somewhat as 2017 has progressed, at least with regard to high-profile attacks. As it turns out, there is some evidence to support this impression.

A recent Neustar-commissioned survey on DDoS attacks found that 772 of the 1,021 (76%) organizations surveyed had experienced at least one such attack during the prior 12 months, roughly the same overall percentage as the prior year. In the 2017 survey, however, 24% of those experiencing DDoS attacks reported experiencing only one attack (versus multiple attacks). A year earlier, only 15% of the victims reported being attacked just once, with 85% attacked multiple times.

That’s the silver lining: the percentage of companies experiencing multiple DDoS attacks dropped by almost 10% year-over-year. You might think that the dark cloud is the fact that about three-quarters of companies surveyed continue to experience one or more of these assaults. There’s an even subtler negative element, however: DDoS attackers are increasingly able to achieve their objectives, even with a single attack.

Those objectives go well beyond the traditional goal of simply swamping a victim’s site with a deluge of network traffic. Increasingly, hackers and cyber thieves are using DDoS attacks as diversions to draw security defenses and attention away from other nefarious activities. The attackers’ true objectives may be to implant viruses, malware or ransomware, or to accomplish financial theft, intellectual property theft, or general business disruptions using these or other methods.

Among those companies experiencing only a single DDoS event, more than half (52%) were infected with a virus, 35% saw malware activated, and 21% suffered from an associated ransomware attack. Those success rates were roughly the same as – or higher than – those experienced by companies attacked multiple times.

In short, companies shouldn’t assume they’ll be among the one-quarter who don’t experience a DDoS attack, nor should they take comfort if they’re among the one-quarter only attacked a single time. The percentage of DDoS attack successes is quite high, and their objectives can go well beyond website overloads.

As the Neustar survey report notes, “…despite modest improvement [in DDoS defenses], attackers are having greater impact, especially when it comes to many associated breach activities that are synchronized with DDoS offensives.”

Copyright © 2017 IDG Communications, Inc.