Hide and Seek Brings Persistence to IoT Botnets

The rapidly evolving Hide and Seek botnet is now persistent on a wide range of infected IoT devices.

IoT devices tend to be simple. So simple, in fact, that turning them off and back on again has historically been a reliable way to eliminate malware. Now, though, a new variant of the Hide and Seek bot can remain persistent on IoT devices that use a variety of different hardware and Linux platforms.

A research team at Bitdefender described the new variant of the botnet, which they had first discovered in January, and noted two important developments: one novel and one in keeping with a broader trend in malware.

Persistence in IoT devices is novel and disturbing since it removes a common defense mechanism from the security team’s toolbox. In order to achieve persistence, Hide and Seek must gain access to the device via Telnet, using the protocol to achieve root access to the device. With root access, a file is placed in the /etc/init.d/ directory where it executes each time the device is rebooted. According to the Bitdefender researchers, there are at least 10 different versions of the executables that can run on 10 different system variants.
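Because the persistence described above depends on a new file appearing in /etc/init.d/, a defender can audit that directory against a known-good manifest. The following is an added example, not code from the article or from Bitdefender; the function names, the sample file names and the idea of a vendor baseline manifest are assumptions made for illustration, and the "ELF" sample is a constructed stub.

```python
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of any ELF executable


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_initd(rootfs, baseline):
    """Compare <rootfs>/etc/init.d with a known-good manifest.

    rootfs   -- path to a mounted or extracted device filesystem
    baseline -- dict of file name -> SHA-256 hex digest (assumed to come
                from the vendor's clean firmware image)
    Returns a list of (name, finding) tuples in directory order.
    """
    initd = os.path.join(rootfs, "etc", "init.d")
    findings = []
    present = set()
    for name in sorted(os.listdir(initd)):
        path = os.path.join(initd, name)
        present.add(name)
        # Symlinks, directories and device nodes are only checked by name.
        if os.path.islink(path) or not os.path.isfile(path):
            if name not in baseline:
                findings.append((name, "unexpected non-regular entry"))
            continue
        with open(path, "rb") as fh:
            head = fh.read(4)
        if name not in baseline:
            findings.append((name, "not in baseline"))
        elif sha256_file(path) != baseline[name]:
            findings.append((name, "modified since baseline"))
        # init.d normally holds shell scripts; a compiled binary is unusual.
        if head == ELF_MAGIC:
            findings.append((name, "ELF binary in init.d"))
    for name in sorted(set(baseline) - present):
        findings.append((name, "missing from device"))
    return findings


def build_sample_rootfs():
    """Create a constructed sample filesystem and its baseline manifest."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    initd = os.path.join(root, "etc", "init.d")
    os.makedirs(initd)
    clean = {
        "network": b"#!/bin/sh\nifup -a\n",
        "syslog": b"#!/bin/sh\nsyslogd\n",
    }
    baseline = {n: hashlib.sha256(c).hexdigest() for n, c in clean.items()}
    on_device = dict(clean)
    on_device["syslog"] = clean["syslog"] + b"/tmp/x &\n"  # tampered script
    on_device["S99sample"] = ELF_MAGIC + b"\x00" * 12      # constructed stub
    for name, content in on_device.items():
        with open(os.path.join(initd, name), "wb") as fh:
            fh.write(content)
    return root, baseline


if __name__ == "__main__":
    root, manifest = build_sample_rootfs()
    for name, finding in audit_initd(root, manifest):
        print(f"{name}: {finding}")
```

Run it against a filesystem image pulled from the device rather than on the device itself, since a root-level infection can tamper with tools that run locally.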

“Once this new botnet has been armed, it isn’t going to do anything but increase the availability of the already prevalent DDoS tools for those looking to launch such attacks,” says Sean Newman, director of product management at Corero Network Security. He points out that this is disturbing for technology advancement reasons, but it might not immediately make a huge impact on the DDoS environment. “With most IoT devices rarely rebooted and easily re-infected if they are, it feels like this may not make as much impact as you might think to the already burgeoning supply of botnets,” he says, “particularly those being used to launch damaging DDoS attacks.”

As part of a broader trend in malware, Hide and Seek shows considerable development and evolution in the code being deployed. Since its initial discovery in January of this year, “The botnet seems to undergo massive development as new samples compiled for a variety of architectures have been added as payloads,” according to the Bitdefender Labs blog post on the malware.

“This showcases the continued evolution of malware and how the internet continues to democratize access to information, malicious or otherwise,” says Dan Mathews, director at Lastline. He lists some of the ways in which the industry has seen botnet malware evolve since the days of Mirai, including, “…default & expanded password guessing and cross-compiled code to run on multiple CPU architectures added, as well as exploits added to leverage IoT vulnerabilities, exploits added for peer to peer communications, and now exploits added for persistence.”

Hide and Seek’s original version was notable for using a proprietary peer-to-peer network for both C&C and new infection communication. Now that persistence has been added to the feature mix, the botnet has become a more pressing concern for the owners of the 32,000+ devices already infected and of those IoT devices that are vulnerable and still unprotected.

Source: https://www.darkreading.com/iot/hide-and-seek-brings-persistence-to-iot-botnets/d/d-id/1331783


DDoS Attacks Ebb and Flow After Webstresser Takedown

Shortly after Infosecurity Magazine reported that administrators of the world’s largest DDoS-as-a-service website had been arrested, Link11 wrote a blog post, concluding that “In the short period of time since that date, the Link11 Security Operation Center (LSOC) has seen a roughly 60% decline in DDoS attacks on targets in Europe.”

The reported deduction differs significantly from the findings of Corero Network Security. President Andrew Lloyd questioned the conclusions drawn by Link11, saying, “Our own evidence is that attack volumes globally and in Europe have, if anything, increased in the week since the Europol take-down action.”

In stark contrast to the LSOC findings, Corero noticed a spike in distributed denial-of-service (DDoS) attacks around 17 April but said, “Since then, European attacks have remained higher in the second half of the month versus the first half of April and the year as a whole.”

The news that law enforcement agencies had closed down Webstresser.org was a big win for cybercrime fighters. “But even so, the number of attacks will only decrease temporarily,” said Onur Cengiz, head of the Link11 security operation center. “Experience has shown in recent years that for every DDoS attack marketplace taken out, multiple new platforms will pop up like the heads of a hydra.”

A Kaspersky Lab study released on 26 April, on the heels of the Webstresser takedown, gives evidence that supports the changing tides of DDoS attack types and the ebb and flow of attacks Cengiz alluded to in his statement.

According to the Kaspersky Lab DDoS report, Q1 revealed an increased number of DDoS attacks and targets, but there are distinctions among the different attack methods. “Amplified” attacks were beginning to wane but had a bit of a boost in momentum, while network time protocol (NTP) and DNS-based boosting had almost disappeared after most vulnerable services were patched.

DDoS attacks as a means of personal revenge grew more popular in Q1 2018. Also trending were Memcached attacks that resemble a typical DDoS attack; however, according to the Kaspersky report, “Cybercriminals will likely seek out other non-standard amplification methods besides Memcached.”

As server owners patch vulnerabilities, there will be dips in certain types of attacks. “That being the case, DDoS masterminds will likely seek out other amplification methods, one of which could be LDAP services,” the Kaspersky report authors wrote.

Source: https://www.infosecurity-magazine.com/news/ddos-attacks-ebb-flow-after/


Why DDoS Just Won’t Die

Distributed denial-of-service attacks are getting bigger, badder, and ‘blended.’ What you can (and can’t) do about that.

Most every organization has been affected by a distributed denial-of-service (DDoS) attack in some way: whether they were hit directly in a traffic-flooding attack, or if they suffered the fallout from one of their partners or suppliers getting victimized.

While DDoS carries less of a stigma than a data breach in the scheme of security threats, a powerful flooding attack can not only take down a company’s network, but also its business. DDoS attacks traditionally have been employed either to merely disrupt the targeted organization, or as a cover for a more nefarious attack to spy on or steal data from an organization.

The April takedown by the UK National Crime Agency and Dutch National Police and other officials of the world’s largest online market for selling and launching DDoS attacks, Webstresser, was a big win for law enforcement. Webstresser boasted more than 136,000 registered users and supported some four million DDoS attacks worldwide.

But in the end, Webstresser’s demise isn’t likely to make much of a dent in DDoS attack activity, experts say. Despite reports that the takedown led to a significant decline in DDoS attacks, Corero Network Security saw DDoS attacks actually rise on average in the second half of the month of April. “Our own evidence is that attack volumes globally and in Europe have, if anything, increased in the week since the Europol take-down action,” said Andrew Lloyd, president of Corero.

Even without a mega DDoS service, it’s still inexpensive to wage a DDoS attack. According to Symantec, DDoS bot software starts as low as a dollar to $15, and less than one-hour of a DDoS via a service can go from $5 to $20; a longer attack (more than 24 hours) against a more protected target, costs anywhere from $10 to $100.

And bots are becoming even easier to amass and in bigger numbers, as Internet of Things (IoT) devices are getting added to the arsenal. According to the Spamhaus Botnet Threat Report, the number of IoT botnet controllers more than doubled last year. Think Mirai, the IoT botnet that in October of 2016 took down managed DNS provider Dyn, taking with it big names like Amazon, Netflix, Twitter, Github, Okta, and Yelp – with an army of 100,000 IoT bots.

Scott Tierney, director of cyber intelligence at Infoblox, says botnets increasingly will be comprised of both traditional endpoints—Windows PCs and laptops—as well as IoT devices. “They are going to be blended,” he said in an interview. “It’s going to be harder to tell the difference” in bots.

The wave of consumer products with IP connections without software or firmware update capabilities will exacerbate the botnet problem, according to Tierney.

While IoT botnets appear to be the thing of the future, some attackers have been waging old-school DDoS attacks: in the first quarter of this year, a long-tail DDoS attack lasted more than 12 days, according to new Kaspersky Lab research. That type of longevity for a DDoS was last seen in 2015.

Hardcore heavy DDoS attacks have been breaking records of late: the DDoS attack on Github recently, clocked at 1.35 terabytes, was broken a week later by a 1.7TB DDoS that abused the Memcached vulnerability against an undisclosed US service provider. “That Github [DDoS] record didn’t even last a week,” Tierney said in a presentation at Interop ITX in Las Vegas last week.

The DDoS attack employed Memcached servers exposed on the public Internet. Memcached, an open-source memory-caching system for storing data in RAM for speeding access times, doesn’t include an authentication feature, so attackers were able to spoof requests and amplify their attack. If properly configured, a Memcached server sits behind firewalls or inside an organization.
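A configuration check for the exposure described above, as an added example that is not part of the original article: it reads a Debian-style memcached.conf (one option per line) and reports whether the daemon binds beyond loopback with its UDP listener on. The `-l` (listen address) and `-U` (UDP port, 0 disables) options are memcached's own; the sample configs are constructed, and the `udp_on_by_default` parameter is an assumption reflecting builds before 1.5.6, where UDP was enabled unless turned off.

```python
import ipaddress

WEAK_CONF = """\
# constructed sample: listens on every interface, UDP left at its default
-m 64
-p 11211
-u memcache
-l 0.0.0.0
"""

HARDENED_CONF = """\
# constructed sample: loopback only, UDP listener disabled
-m 64
-p 11211
-u memcache
-l 127.0.0.1
-U 0
"""


def parse_options(text):
    """Return {flag: value} for each option line, ignoring '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("-"):
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def is_loopback(addr):
    """True only for addresses that cannot be reached from another host."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # Hostname or host:port form: assume it may be reachable.
        return False


def assess(text, udp_on_by_default=True):
    """Classify a memcached config by listen scope and UDP state.

    'reachable' means the daemon binds beyond loopback; a firewall may
    still block it, so treat this as a prompt to verify, not a verdict.
    """
    opts = parse_options(text)
    # No -l at all means memcached binds to every interface.
    listen = [a.strip() for a in opts.get("-l", "").split(",") if a.strip()]
    reachable = not listen or not all(is_loopback(a) for a in listen)
    if "-U" in opts:
        udp_enabled = opts["-U"] != "0"
    else:
        udp_enabled = udp_on_by_default
    return {
        "reachable": reachable,
        "udp_enabled": udp_enabled,
        "reflection_risk": reachable and udp_enabled,
    }


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, assess(conf))
```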

“Memcached amplification attacks are just the beginning” of these jacked-up attacks, Tierney said. “Be ready for multi-vector attacks. Rate-limiting is good, but alone it’s not enough. Get ready for scales of 900Mbps to 400Gbps to over a Terabyte.”

Tierney recommended ways to prepare for a DDoS attack, including:

  • Establish a security policy, including how you’ll enact and enforce it
  • Track issues that are security risks
  • Enact a business continuity/disaster recovery plan
  • Employ good security hygiene
  • Create an incident response plan that operates hand-in-hand with a business continuity/disaster recovery plan
  • Have a multi-pronged response plan, so that while you’re being DDoSed, your data isn’t also getting stolen in the background
  • Execute tabletop attack exercises
  • Hire external penetration tests
  • Conduct user security awareness and training
  • Change all factory-default passwords in devices
  • Know your supply chain and any potential risks they bring
  • Use DDoS traffic scrubbers, DDoS mitigation services

Source: https://www.darkreading.com/endpoint/privacy/why-ddos-just-wont-die/d/d-id/1331734


From The Internet Of Things To The Internet Of Thoughts

The development of the cyber environment is articulated through new digital scenarios — from the technological development of smartphone apps to the Internet of Things, from the sharing economy to social networks — the circulation of personal data has expanded extensively and rapidly. In particular, I recognize a slow but decisive transition from a material, utilitarian and free sharing typical of the sharing economy, for which self-regulation was sufficient, to today’s atmosphere of social sharing. If the services of the sharing economy technologies seemed to put the privacy of users at risk, the new system seems to be even more saturated with issues. In fact, the social sharing of photographs, thoughts and confidential information risks endangering the privacy of internet users and, considering that much of this personal data is also transported overseas where the discipline and the protection provided is profoundly different, the question becomes extremely complex.

This shift is characterized by the diffusion and horizontal expansion of increasingly sophisticated and integrated social engineering methods and techniques, and through the release and sharing of technologically persuasive applications. These scenarios are found in the profile of cyber attacks and are significant characterizations in terms of behavioral matrixes and operational creativity.

Inevitably, the concepts of knowledge and information management have been redefined and are now almost completely digitalized, with significant relapses in terms of security. In today’s cyber scenario, a new multidimensional concept of security has emerged, deriving from the interpenetration of the paradigms of social change and digital-media convergence — both understood as multipliers of instances coming in particular from the underground. This underground becomes ever more reticular, competent and cohesive, from a digital point of view, until it’s the “cartilage” of the system exoskeleton, not only in infrastructural terms but also in terms of cultural identity.

As a result, open society, right-to-know and digital info sharing become the pillars of contemporary democratic architecture. It is necessary to explore cyberspace in a deep and scientific way — to understand it as a human space, one which needs to be identified and analyzed dynamically, with scientific rigor, avoiding any reductionist simplicity dictated by the fashions of the moment. The specificities and the socio-cultural differences between activism and hacktivism are also worth examining in the transition process toward fully digital models of politics and diplomacy.

As an example, Bitcoin should not be considered mere virtual currency, but also as an instrument, product and modality of self-construction. It’s an identity-based dissemination of digital exchange communities and an interactive process through which all the subjects involved create information, innovation and resources.

It is essential to direct operational research into the elaboration and anticipation of scenarios that are no longer futuristic or even too far in the future — ones in which we imagine the impact and dynamics of the cybercriminals who use distributed denial of service (DDoS) or botnet attacks. These attacks might be a self-legitimized form of cyber-protest or a revisitation, in a cyber environment, of protest sit-ins that animated most of the 20th century and which often caused paralysis not only of viability but also of the vital functions of important institutions.

The unknown journey that leads humanity toward post-globalization is strongly marked by some pieces of evidence including the conflicts arising from the frictions between the development of the metropolitan institutional environment and the organizational dynamics of transnational digital communities and the advent of new sexual-digital identities.

We are witnessing the progressive emergence of organized and globalized criminals, above all at the level of the media. These criminals are born from the necessity of evolution through the web, pre-existing local and internationalized structures, and by long processes of criminal hybridization. This hybridization has connected them through the web. This evolution requires a resetting of operational missions based on full integration between social sciences and computational technologies in order to uncover qualitative and quantitative strategies that can be used to attain a deep understanding of the organized and now digitized criminal complex.

The triangulation of big data, web intelligence and information assurance turns out to be the key to managing the complexity and the centrality of information, which is now the regulating essence of every aspect of life. Today, it’s important to focus not just on the internet of things but also on the sometimes obscure internet of thoughts, which requires equal amounts of analytical attention. This emphasizes that today cyber can no longer be considered an object external to mankind, and should instead be seen as pervasively connected to it. Therefore, in firmly considering cybersecurity as a dynamic process and not a static product, it is evident that it is not possible to guarantee the security of the globalized citizen in relation to the relationship between freedom and democracy, without using appropriate conceptual tools to understand and manage the complexity that turns out to be unquestionably human, cultural and social.

Source: https://www.forbes.com/sites/forbestechcouncil/2018/05/07/from-the-internet-of-things-to-the-internet-of-thoughts/#67a7651c736f


DDoSer Who Terrorized German and UK Firms Gets Off Without Jail Time

A German hacker who launched DDoS attacks and tried to extort ransom payments from German and UK firms was sentenced last month to one year and ten months of probation.

The hacker, identified by authorities only as 24-year-old Maik D., but known online as ZZb00t, was fingered for attacking companies such as eBay.de, DHL.de, billiger.de, hood.de, rakuten.de, DPD.de, EIS.de, ESL.eu, but also some UK firms.

Hacker would launch DDoS attacks and then extort victims

ZZb00t would act following the same pattern. He’d first warn companies via Twitter, and then launch DDoS attacks, taking down services from hours to up to a day.

Maik, who in real life was an IT security consultant, would often criticize companies for their poor security practices.

“Sadly but true @[REDACTED] your servers just sucks,” he wrote in one tweet. “Never thought that [REDACTED] was so extremely poorly protected. It’s more than embarrassing,” he wrote in another.

He’d often claim his actions were only for the purpose of exposing security weakness, claiming he was a vulnerability hunter.

But Maik wouldn’t launch DDoS attacks just out of the kindness of his heart so that companies would improve security. The hacker would often send emails promising to stop attacks for a payment in Bitcoin.

Hacker arrested after one company pressed charges

His DDoS and extortion campaigns were tracked all last year by German blog Wordfilter.de. A recently released Link11 report details the hacker’s tactics.

The hacker was active at the same time as another DDoS extortion team named XMR Squad, and Link11 claims in its report that there was a working relationship and coordination of attacks between ZZb00t and XMR Squad members.

Link11 says it documented over 300 of ZZb00t’s tweets related to attacks he carried out before German authorities arrested the suspect on May 23, last year, putting an end to his attacks.

Source: https://www.bleepingcomputer.com/news/security/ddoser-who-terrorized-german-and-uk-firms-gets-off-without-jail-time/


Security Holes Make Home Routers Vulnerable

Security threats abound on the internet, which is why ethical hackers and security researchers spend much of their time in search of these issues. As part of the work that they do to keep the internet safe, researchers at vpnMentor announced that they have found an RCE vulnerability in the majority of gigabit-capable passive optical network (GPON) home routers.

With more than 1 million people using the GPON fiber-optics system, the network is pretty popular. Because so many routers today use GPON internet, the researchers conducted a comprehensive assessment on a number of the home routers and found a way to bypass all authentication on the devices, which is the first vulnerability (CVE-2018-10561).

“With this authentication bypass, we were also able to unveil another command injection vulnerability (CVE-2018-10562) and execute commands on the device,” vpnMentor said.

Through a comprehensive analysis of the GPON firmware, researchers learned that the combination of the two vulnerabilities granted full control of not only the devices but their networks as well.

“The first vulnerability exploits the authentication mechanism of the device that has a flaw. This flaw allows any attacker to bypass all authentication,” they wrote. This critical vulnerability could leave users’ gateways vulnerable to being used for botnets.

The authentication bypass bug could easily be exploited so that the gateways could be accessed remotely. “If verified, these home gateways join the escalating category of botnet-vulnerable IoT devices, and they underscore the growing risk of very large botnet-based DDoS attacks,” said Ashley Stephenson, CEO of Corero Network Security.

Because this class of routers is most often directly connected to high-speed broadband internet connections, compromised devices could be covertly herded by a bot master to form a botnet large enough to generate high-impact distributed denial-of-service (DDoS) attacks against victims around the world, said Stephenson.

Source: https://www.infosecurity-magazine.com/news/security-holes-make-home-routers/

DDoS Attacks Go Down 60% Across Europe Following WebStresser’s Takedown

EXCLUSIVE — Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market.

The service was taken down last week, on April 24, when several law enforcement agencies across Europe, under Europol coordination, seized servers, arrested suspects, and shut down the website WebStresser.org, a popular portal where Internet users would go to register, pay for accounts, and launch DDoS attacks against other websites.

Takedowns of DDoS-for-hire services make temporary dents

In a report that Link11 plans to publish later today on its website, the company said that WebStresser’s takedown had a significant impact on DDoS activity, especially across Europe.

“The Link11 Security Operation Center (LSOC), which monitors DDoS attack activity on the internet 24/7, has registered lower attack activity, especially on April 25 and 26, presumably due to [the] elimination of the source,” a Link11 spokesperson says.

“The LSOC has seen a roughly 60% decline in DDoS attacks on targets in Europe, […] down 64% from the peak number recorded,” he said.

Onur Cengiz, Head of the Link11 Security Operation Center, says the slowdown in DDoS attacks is only temporary, and he anticipates attacks to ramp up as new DDoS services rise to fill the gap created by WebStresser’s abrupt demise.

WebStresser was the most popular DDoS-for-hire service

Europol said WebStresser had over 136,000 registered users at the time it was shut down and had been responsible for over 4 million DDoS attacks in recent years. Prices for a WebStresser premium account that had access to the DDoS feature started as low as €15 ($18.25).

The service was by far the most popular DDoS booter (also known as DDoS stresser) service on the market, also receiving top billing in Google searches for “DDoS booter” or “DDoS stresser” keywords.

The service was supposedly run by a Serbian 19-year-old named Jovan “m1rk” Mirkovic.

According to the Link11 DDoS Report for Q4 2017, Europe had seen approximately 13,452 DDoS attacks in the last three months of 2017, totaling 1,675 hours combined, with the largest reaching 70.1 Gbps. The Link11 report cited a 116% rise in DDoS attacks.

Source: https://www.bleepingcomputer.com/news/security/ddos-attacks-go-down-60-percent-across-europe-following-webstressers-takedown/


FOI Request Rings Alarm Bells on Critical Infrastructure Security

With just eight days to go until the EU’s Network and Information Systems (NIS) Directive becomes legally enforceable, a Freedom of Information (FOI) request to 312 critical infrastructure providers across the UK is ringing industry alarm bells.

The FOI requests, submitted by DDoS attack solutions provider Corero Network Security, found that 70% of these institutions – ranging from police forces to NHS trusts, energy suppliers and water authorities – have had service outages in their IT systems within the last two years; many blamed on cyberattacks.

The implication for these institutions under the new directive would be the enforcement of hefty fines. Under the NIS directive – which aims to raise levels of the overall security and resilience of network and information systems across the EU – these outages need to be reported and addressed.

Penalties Could be Severe

Failure to do so could result in financial penalties of up to £17 Million being imposed. Corero estimates that if the NIS directive was in place two years ago the financial penalties faced by critical UK infrastructure would have amounted to over £2.5 billion.

Out of the 221 critical infrastructure organisations that responded to the FOI, 155 reported that they had suffered downtime in their IT network leading to loss of services in the last two years. Worryingly, over a third of the reported incidents are suspected to have been caused by cyber-attacks.

However, due to the nature of these critical institutions, the real concern is the loss of services to the public and the state.

Andrew Lloyd, President of Corero Network Security, who undertook the FOI request, stated that: “Service outages and cyber-attacks against critical infrastructure have the potential to inflict significant, real-life disruption by preventing access to essential services such as power, transport and the emergency services. The fact that so many infrastructure organisations have suffered from service outages points to an alarming lack of resilience within organisations that are critical to the functioning of UK society.”

Not Just a Tick Box Exercise

This information comes on the back of the National Audit Office’s investigation into the WannaCry cyber-attack last year which attacked NHS organisations. The investigation found that much of the damage by the ransomware attack could have been negated if a software patch available two months prior to the attack had been implemented into NHS IT systems.

Corero fears that only the basic NIS requirements will be enacted to ensure compliance. Andrew Lloyd said: “As things stand, there is genuine risk that the legislation may be viewed as a mere ‘tick-box’ exercise which requires the bare minimum to be done, rather than fulfilling its promise for the UK to set world-leading standards in this area.”

In the UK the National Cyber Security Centre is the lead contact point for EU partners on NIS, and is acting as a key source of technical expertise. Its guidance on NIS compliance can be found here.

Source: https://www.cbronline.com/news/nis-critical-infrastructure


Nine Things That Are Poised To Impact Cybersecurity

One important step every business should take to protect their sensitive customer data is invest in the latest security solutions. This means staying educated and up to date on what technology is available and what it does to keep you safe.

According to members of Forbes Technology Council, here are the next big trends in encryption and cybersecurity that businesses should pay attention to.

1. Biometrics

Biometrics will become a critical part of cybersecurity and encryption going forward because it’s nearly impossible to replicate. – Chalmers Brown, Due

2. IoT Device Security

The next wave of cybersecurity attacks will come from the internet-of-things (IoT) devices like appliances, lights and cameras. These types of devices are cheap, easy to hack, can be found in large numbers and are geographically distributed, making them ideal targets for a hacker to commandeer and launch a distributed-denial-of-service (DDoS) attack on an unsuspecting enterprise. – Mark Benson, Exosite

3. Multi-Factor Authentication And SSO Technologies

Utilize multi-factor authentication and SSO technologies to get a handle on authentication. Integrating this with Hashicorp Vault or an HSM solution can bring about encryption key management, encryption key rotation and administration of all your data. For sensitive information within databases, consider field-level encryption so that even with the breach, any data that is leaked is encrypted. – Venkat Rangan, Clari

4. Decentralization Of Data

Decentralizing data used for authentication is here and doing it for more PII is next. Firms are abandoning storage of biometrics, PINs, and passwords and now secure them on endpoints like mobile devices. Users authenticate on-device and swap public keys with their service provider. This reduces the attack surface, lowers IT costs and gives firms more control than legacy centralized systems. – Bojan Simic, HYPR Corp.

5. Increased Monitoring And Visibility

Highly publicized cyberattacks of the past few years have all had a common thread — no one noticed the issue until it was far too late. From private files left in public cloud storage to intrusions into legacy systems, lack of visibility has been a killer. Attacks are unavoidable, but detailed monitoring and proactive exfiltration scanning can prevent an unnoticed breach from making the news. – Jason Gill, The HOTH

6. Multi-Layered Approaches To Encryption 

In many cases, encryption may be augmented with blockchain technology, which is harder to compromise. The model of distributed data storage, cryptographic security and synchronized validation provides multiple layers of protection that are more secure than simple encryption. Data and storage architectures will need to be re-architected to provide the same levels of usability we have today. – Brian NeSmith, Arctic Wolf

7. Automated Breach Detection

Right now, many companies do penetration testing on their own, and they have logs and may have internal tools to detect breaches. That said, given the frequency of breaches occurring and the amount of time and energy it requires to be on top of them, it’s likely that there are many vendors that will enter this space to offer automated solutions for companies to get help both in finding and preventing breaches. – David Murray, Doctor.com

8. Simplified And Integrated Security Models

Layering reactive, signature-based tools still leaves security gaps. Encryption helps, but it does not solve this problem. First, a new, simplified, integrated model is needed and should focus on internal network, communications and endpoint monitoring. Second, defenders need to move away from the known signatures and IOCs to focus on the core network behaviors that all adversaries engage in. – Joseph Polverari, Versive

9. Blockchain And Mesh Networking

With the rise in popularity of blockchain and decentralized networking, security concerns need to be rethought. It’s true that these technologies decrease centralized attacks, like DDoS. They also essentially eliminate data tampering. That said, the next big security task is protecting data in decentralized environments. The enterprise will no longer own the hardware layer. – Tom Roberto, Core Technology Solutions

Source: https://www.forbes.com/sites/forbestechcouncil/2018/04/19/nine-things-that-are-poised-to-impact-cybersecurity/#20ceb2001bac


DDoS attacks costing UK firms £35,000 per attack

New research highlights the financial and reputational cost of DDoS attacks.

New research has revealed that DDoS attacks can cost enterprises £35,000 per attack, though lost revenue is only the fourth most damaging consequence of falling victim to this kind of cyber attack.

Corero Network Security surveyed over 300 security professionals across a range of industries such as financial services, cloud, government and more to shed light on the damage that DDoS attacks are causing to organisations worldwide.

Of those surveyed, 91 per cent said that a single DDoS attack can cost their organisation up to $50,000 in terms of lost business, productivity and the cost of mitigating an attack. Additionally, 69 per cent noted that their organisation experiences anywhere from 20 to 50 DDoS attack attempts per month, which is equivalent to roughly one attack per day.

Despite the high cost of dealing with an attack, a vast majority of respondents (78%) cited loss of customer trust and confidence as the single most damaging effect on businesses that have suffered a DDoS attack.  The second highest threat was the risk of intellectual property theft followed by the threat of malware infection associated with a DDoS attack, making lost revenue the fourth most damaging consequence.

Corero Network Security’s CEO, Ashley Stephenson offered further insight on the research, saying:

“DDoS attacks can have an immediate and damaging impact on a company’s bottom line, both in terms of lost revenue and the costs incurred in terms of manpower required to mitigate attacks. Not all DDoS attacks will cost an organisation $50,000, but having your website taken offline can damage customer trust and confidence. It will also impact the ability of sales teams to acquire new customers in increasingly competitive markets. These attacks cause lasting damage to a company’s reputation and could have negative consequences for customer loyalty, churn and corporate profits.”

The organisation’s research also pointed out that cybercriminals have begun to use DDoS attacks as a distraction for more serious network incursions with 85 per cent of those surveyed of the belief that DDoS attacks are often used by attackers as a precursor for data breach activity.

Source: https://www.itproportal.com/news/ddos-attacks-costing-uk-firms-pound35000-per-attack/
