DDoS attacks continue to rise, says Kaspersky Lab

Distributed Denial of Service (DDoS) attacks are rising, with over 33% of organisations facing a DDoS attack in 2017 – compared to 17% in 2016.

According to Kaspersky Lab’s Global IT Security Risks Survey 2017, this development in the cyber threat landscape means businesses are vulnerable to a DDoS attack.

The report found 50% of businesses claim the frequency and complexity of DDoS attacks targeting organisations like theirs is growing every year; 33% of organisations experienced an attack in 2017 – double the amount in 2016; 20% were very small businesses, 33% MBs and 41% enterprises.

Although figures for this year show companies are more likely to experience just one attack – in 2016, 82% faced more than one DDoS attack, compared to 76% this year.

‘Failure of transactions and processes ‘

26% of the organisations that have been hit by DDoS attacks reported a significant decrease in performance of services, and 14% said there was a failure of transactions and processes on affected services.

Many companies also claim that DDoS attacks are being used to cover-up other types of incident – leading to severe financial and reputational damage. In the first half of 2017, over 50% of those respondents affected by a DDoS attack claimed that it was used as a smokescreen.

50% reported that the attack hid a malware infection; 49% said that it masked a data leak or theft; and 42% said that the DDoS attack was used to cover up a network intrusion or hacking.

‘Hiding financial theft’

Another 26% of businesses reported that the attack was hiding financial theft.

Russ Madley, Head of Kaspersky Lab UK, said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take DDoS attacks seriously as they are one of the most popular weapons in a cybercriminal’s arsenal.

“They can be just as damaging to a business as any other cyber crime, especially if used as part of a bigger targeted attack. The ramifications caused by these types of attacks can be far-reaching as they’re able to reach deep into a company’s internal systems.

“Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity.”

Written from press release by Leah Alger