Ignorant botnets: Don?t become a ‘victim’ attacker

Many DDoS attacks are carried out by unwittingly compromised companies—don’t let yours become one of them

The rising tide of DDoS attacks are hitting the news with alarming regularity. Yet if popular reports are to be believed there is only one victim: the person targeted in the incident.

In fact, this is not true at all. Numerous companies are actually perpetrating these attacks via employee machines they do not know are compromised. This could easily be your company and it could prove a lot worse for your brand than if you were merely the object.

“Everyone knows there is an attacker and a victim,” explains Aftab Afzal, SVP and GM EMEA at NSFocus IB, a specialist provider of DDoS mitigation. “However there is also the host—or hosts—which are often the infected or compromised devices of innocent users.

“One should also consider the networks of service providers and the impact to their users who are not under attack. In some of the really large attacks, even the available resources at internet exchanges can suffer and this can have a knock-on effect to national networks,” he adds.

Your brand will be tarnished if you launch an unwitting attack

Thomas Olofsson, CEO of Intelliagg, a provider of cyber threat intelligence, suggests: “A business that launches an attack unwittingly, or via a disgruntled employee, will of course attract brand, or possible legal damages against themselves. The victim however, whether they know immediately or not, can trace it back to a company or legal entity, and are then in a strong position to sue for damages.”

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.