53% of DDoS Attacks Result In Additional Compromise, Says Neustar

Orome1 quotes a report from Help Net Security: DDoS attack volume has remained consistently high and these attacks cause real damage to organizations, according to Neustar. The global response also affirms the prevalent use of DDoS attacks to distract as "smokescreens" in concert with other malicious activities that result in additional compromise, such as viruses and ransomware. The majority of organizations that suffered a DDoS attack (53 percent) also experienced some form of additional compromise. Forty-six percent of breached organizations discovered a virus, malware was activated at 37 percent of breached organizations, and ransomware was encountered at 15 percent of breached organizations. The report adds: "Neustar collected responses from more than 1,000 information security professionals, including CISOs, CSOs and CTOs to determine how DDoS attacks are impacting their organization and how they are mitigating the threat. The overwhelming majority of surveyed organizations (73 percent) suffered a DDoS attack. Eighty-five percent of attacked organizations were attacked more than once and 44 percent were attacked more than five times. Seventy-one percent of organizations took an hour or more to detect a DDoS attack and 72 percent took an additional hour or more to respond to the attack. Forty-nine percent of surveyed organizations would lose $100,000 or more per house of downtime during these attacks. The overwhelming majority of respondents (76 percent) are investing more in DDoS protection than they were a year ago. The majority of respondents (53 percent) are using traditional firewalls, 47 percent are using a cloud service provider and 36 percent are using an on-premise DDoS appliance combined with a DDoS mitigation service (hybrid solution).

Multi-pronged attack or just multiple attacks?

[quantaman]

The majority of organizations that suffered a DDoS attack (53 percent) also experienced some form of additional compromise. Forty-six percent of breached organizations discovered a virus, malware was activated at 37 percent of breached organizations, and ransomware was encountered at 15 percent of breached organizations.

A DDos isn't a breach, and I'm not clear how a DDos would result in additional vulnerabilities unless the victimized organization did something unusual in their attempt to respond to it.

I could see an attacker using a DDos as a smokescreen to distract the IT dept while they're running their real attack... but more likely I wonder if admins are simply doing an audit because of the DDos and discovering unrelated attacks at a result.