Slashdot Mirror


53% of DDoS Attacks Result In Additional Compromise, Says Neustar (helpnetsecurity.com)

Orome1 quotes a report from Help Net Security: DDoS attack volume has remained consistently high and these attacks cause real damage to organizations, according to Neustar. The global response also affirms the prevalent use of DDoS attacks to distract as "smokescreens" in concert with other malicious activities that result in additional compromise, such as viruses and ransomware. The majority of organizations that suffered a DDoS attack (53 percent) also experienced some form of additional compromise. Forty-six percent of breached organizations discovered a virus, malware was activated at 37 percent of breached organizations, and ransomware was encountered at 15 percent of breached organizations. The report adds: "Neustar collected responses from more than 1,000 information security professionals, including CISOs, CSOs and CTOs to determine how DDoS attacks are impacting their organization and how they are mitigating the threat. The overwhelming majority of surveyed organizations (73 percent) suffered a DDoS attack. Eighty-five percent of attacked organizations were attacked more than once and 44 percent were attacked more than five times. Seventy-one percent of organizations took an hour or more to detect a DDoS attack and 72 percent took an additional hour or more to respond to the attack. Forty-nine percent of surveyed organizations would lose $100,000 or more per house of downtime during these attacks. The overwhelming majority of respondents (76 percent) are investing more in DDoS protection than they were a year ago. The majority of respondents (53 percent) are using traditional firewalls, 47 percent are using a cloud service provider and 36 percent are using an on-premise DDoS appliance combined with a DDoS mitigation service (hybrid solution)."

31 comments

  1. What the heck... by Anonymous Coward · · Score: 0

    What the heck is an house of downtime?

    1. Re:What the heck... by Anonymous Coward · · Score: 1

      What the heck is an house of downtime?

      There is a house...in New Orleans...they call The Rising Sun. That kind of house? It looks like you could get some downtime there.

    2. Re:What the heck... by NotQuiteReal · · Score: 1

      It is about 1/128 of a library of congress in volume, so to convert to time you have to divide by how long it takes to walk through the library and multiply by an imaginary number, like SQRT(-1)*I+J.

      (I'll let you know what I and J are, later, but those fudge factors can almost always make the answer come out right)

      --
      This issue is a bit more complicated than you think.
    3. Re: What the heck... by Anonymous Coward · · Score: 0

      That's what I wanted to know too...

    4. Re:What the heck... by Opportunist · · Score: 3, Funny

      And it's been the ruin of many poor companies, and god, I know, we're one.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:What the heck... by Zero__Kelvin · · Score: 1

      A house is an auto-miscorrected hour.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    6. Re: What the heck... by Anonymous Coward · · Score: 0

      That makes two summaries in a row with autocomplete-style typos in links. The previous summary said:

      "The deal with iPic should help Netflix' movies quality for awards."

      but nobody seemed to notice.

  2. Other way by s.petry · · Score: 1

    The logic the summary presents is backward. It is not that more than half of DDOS results in penetration attacks, it's that real attacks are covered by DDOS attacks. It's the old "hey, look over here, look over here" while they sneak in the side entry.

    TFA seems to say as much, so it seems like the summary is wrong (I only read what's posted here so maybe TFA is wrong)

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  3. Correlation is causation! by Anonymous Coward · · Score: 0

    Correlation is causation!

    Really they are going to say Ddos's lead to virus infections? What company doesn't get a virus infection?

  4. Multi-pronged attack or just multiple attacks? by quantaman · · Score: 4, Insightful

    The majority of organizations that suffered a DDoS attack (53 percent) also experienced some form of additional compromise. Forty-six percent of breached organizations discovered a virus, malware was activated at 37 percent of breached organizations, and ransomware was encountered at 15 percent of breached organizations.

    A DDoS isn't a breach, and I'm not clear how a DDoS would result in additional vulnerabilities unless the victimized organization did something unusual in their attempt to respond to it.

    I could see an attacker using a DDoS as a smokescreen to distract the IT dept while they're running their real attack... but more likely I wonder if admins are simply doing an audit because of the DDoS and discovering unrelated attacks as a result.

    --
    I stole this Sig
    1. Re:Multi-pronged attack or just multiple attacks? by myowntrueself · · Score: 1

      The majority of organizations that suffered a DDoS attack (53 percent) also experienced some form of additional compromise. Forty-six percent of breached organizations discovered a virus, malware was activated at 37 percent of breached organizations, and ransomware was encountered at 15 percent of breached organizations.

      A DDoS isn't a breach, and I'm not clear how a DDoS would result in additional vulnerabilities unless the victimized organization did something unusual in their attempt to respond to it.

      I could see an attacker using a DDoS as a smokescreen to distract the IT dept while they're running their real attack... but more likely I wonder if admins are simply doing an audit because of the DDoS and discovering unrelated attacks as a result.

      Yes, it's a distraction and smoke screen.

      Also, systems under stress tend to become vulnerable to secondary infections, which is why sometimes it is right to take antibiotics when you have flu.

      --
      In the free world the media isn't government run; the government is media run.
    2. Re:Multi-pronged attack or just multiple attacks? by quantaman · · Score: 3, Interesting

      The majority of organizations that suffered a DDoS attack (53 percent) also experienced some form of additional compromise. Forty-six percent of breached organizations discovered a virus, malware was activated at 37 percent of breached organizations, and ransomware was encountered at 15 percent of breached organizations.

      A DDoS isn't a breach, and I'm not clear how a DDoS would result in additional vulnerabilities unless the victimized organization did something unusual in their attempt to respond to it.

      I could see an attacker using a DDoS as a smokescreen to distract the IT dept while they're running their real attack... but more likely I wonder if admins are simply doing an audit because of the DDoS and discovering unrelated attacks as a result.

      Yes, it's a distraction and smoke screen.

      Also, systems under stress tend to become vulnerable to secondary infections, which is why sometimes it is right to take antibiotics when you have flu.

      But how? I don't know how complex networks are managed but I'd assume it would run more or less the way it did previously, only slower.

      There are only two real ways I can think of how a DDoS would open vulnerabilities. First, virus scanners may not be able to reach the systems they're supposed to scan (i.e. mailserver). And second, the regular secured systems might become inaccessible so people start using insecure workarounds instead.

      --
      I stole this Sig
    3. Re:Multi-pronged attack or just multiple attacks? by Anonymous Coward · · Score: 0

      A previous boss mentioned at one point that the reason DDoS attacks can be useful in this regard is that they cause some firewalls to fail open rather than to fail closed, thus allowing the attackers access to the network.

    4. Re:Multi-pronged attack or just multiple attacks? by amacide · · Score: 1

      But how? I don't know how complex networks are managed but I'd assume it would run more or less the way it did previously, only slower.

      You're exactly right. DDoS results in maybe staff not being able to email briefly, just annoying crap... Even that can be avoided with planning.

      It doesn't imply any further breaching. Maybe a trigger for systems audit - possibly a good thing in an ironic way.

      What triggers further inspection in my (PCI-DSS) infra is not DDoS... No, it's traffic from TOR endpoints that registers any blip on the routers.

      I've no issue with TOR. It has my best wishes. I will say though, our systems see not 1 byte of TOR traffic that's in any way a "legitimate visitor".

    5. Re:Multi-pronged attack or just multiple attacks? by fbobraga · · Score: 1

      Also, systems under stress tend to become vulnerable to secondary infections

      But how?

      Security team focused on something else...

    6. Re:Multi-pronged attack or just multiple attacks? by munch117 · · Score: 1

      But how?

      People.

      Everyone's under a lot of pressure to get things back up and running, and that's a big incentive to cut corners with procedure. Suppose someone calls you during a DDOS crisis and says "hi, I'm the highly paid consultant your boss' boss hired to handle this. I need you to go to www.wefixsecurityforyou.ru and download and run the DDOS diagnostics tool." You can't reach your boss to verify because your email and IP phones are down. What would you do? Do you have the guts to say no and risk being the guy who delayed recovery for hours, costing your company a million dollars?

  5. Distributed Denial of Spelling attacks? by Anonymous Coward · · Score: 1

    lose $100,000 or more per house of downtime

    That's what happens when your spell-checker is under attack.

  6. Tell this to the ABS by Anonymous Coward · · Score: 0

    Online census. Ha.
    Golden pot of honey data.

  7. Holly smokes batman by Anonymous Coward · · Score: 1

    More than 1 hour to detect a DDoS? Either those DDoS are really incompetent and don't clog the intertubes as intended or people are paying way more than they need, because cost per Mbps is higher in USA than most of the rest of the civilized world. Or just the network admins are complete idiots and can't see a shovel when it hits them in the face, or all their IT is based in a 3rd world subcontinent and can't detect the DDoS because they just lost connection to the system they are supposed to manage.

    If you are hit by a DDoS there is no excuse not to know within 180 seconds!

    1. Re:Holly smokes batman by Anonymous Coward · · Score: 0

      Batman is happy to have a girl like Holly around...

  8. meme by Anonymous Coward · · Score: 1

    DDoS attacks are the last gasp of the malware industry. All other attacks are known and avoidable, so hysteria must be focussed on DDoS attacks to justify NSA surveillance of everyone.

    1. Re:meme by Opportunist · · Score: 1

      Just make IoT manufacturers liable for their devices' participation in such an attack and you'll see that problem vanish quickly.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:meme by Anonymous Coward · · Score: 0

      Wouldn't it be great if compromised systems could be forced offline without having to beg and plead with their internet providers first? If you want to connect you have to make sure your systems are secure.

    3. Re:meme by Opportunist · · Score: 1

      I'm kinda wary of getting ISPs involved. It's a small step from "you should check whether your users are running trojans in their IoTs" to "you should check whether your users are torrenting files."

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:meme by fbobraga · · Score: 1

      Wouldn't it be great if compromised systems could be forced offline without having to beg and plead with their internet providers first?

      Wrong approach, I think: it can open ways of taking down content (webservers are 'devices'... database servers too). I think the suggestion of OP (make IoT manufacturers liable for their devices' participation in such an attack) is much better.

  10. Firewalls? For DDoS protection? by Anonymous Coward · · Score: 0

    Those (note the number is *also* 53%. Hmmm) defending against DDoS with "traditional firewalls" (WTF does that mean?) truly deserve to be p0wnd.

    1. Re:Firewalls? For DDoS protection? by fbobraga · · Score: 1

      there's a good point here: to blame someone else for your incompetence!

  11. Asked the wrong people by Anonymous Coward · · Score: 0

    "Neustar collected responses from more than 1,000 information security professionals, including CISOs, CSOs and CTOs" ...and there is your problem

    In 35 years I have never worked for, or met, a C-level person that actually knows what is going on with any part of the company.
    Most corporations I have worked for would have done much better without any input from C-level people.

    Ask shit-bags about a topic, and you magically get back shit!

  12. DDoS smokescreen? - Mitnick v Shimomura by al0ha · · Score: 1

    >>> The global response also affirms the prevalent use of DDoS attacks to distract as "smokescreens" in concert with other malicious activities that result in additional compromise

    Uh - DDoS as smokescreen for malicious activities? That required affirmation? http://wiki.cas.mcmaster.ca/in...

    --
    Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ