Neustar, a provider of real-time cyber-security information, has released its research on DDoS attacks in the EMEA. The findings come as part of Neustar's larger report on DDoS attacks, titled “North America and EMEA: The Continual Threat to Digital Brands for 2015”, for which they surveyed 800 executives from around the world in the financial, retail and technology sectors.
One of the report's main revelations is how DDoS attacks are becoming smaller but more frequent, in an effort to distract IT security teams while malware is installed on the target's system.
Nearly half – 40 percent – of reported DDoS attacks were less than five gigabits per second (Gbps), a relatively small attack, and 36 percent of firms surveyed found that malware had been installed on their systems after DDoS attacks.
Mark Tonneson, CSO and CIO of Neustar, remarked on this tactical shift: “In launching such an attack, the attacker accomplishes several things: he disrupts operations, distracts the website and security teams, and makes sure the target network is still operational - that is to say, accessible.” Tonneson added, “Now the attacker can go in and plant malware or a virus, setting the stage for data theft, siphoning funds, or whatever else.”
The financial services sector has been disproportionately hit with this tactic - 54 percent of attacks on financial services companies were less than five Gbps but nearly half of all attacks left viruses or malware.
Hacker groups can even be rented to perform such attacks, according to the report, for less than four pounds a month.
Among the report's findings were not just that DDoS attacks are becoming smaller but also more common and, increasingly, that they are becoming a sustained threat to businesses' profitability; 25 percent of firms that had sustained DDoS attack found that data or funds had been stolen afterwards. What's more, 40 percent of companies surveyed said their losses during a peak hour DDoS attack would be greater than £75,000 per hour.
In response to these changing tactics, firms are stepping up their cyber-security capabilities: 55 percent of firms are devoting more resources to their DDoS security than last year