Nearly Half of Orgs Hit by Smokescreen DDoS Attacks

Lori MacVittie Miniatura
Lori MacVittie
Published June 05, 2017

Information security is rife with military terminology. That’s unsurprising, given the abstract relationship between the opposing forces; one trying to attack while the other defends. Modern DDoS attacks are surprisingly simplistic, in strategy at least. It’s a swarming attack, designed simply to overwhelm the target environment. The emergence of botnets has made this task frighteningly easy as attackers are able to call on a large number of forces. Like a city under siege, organizations are forced to rely on the resources at hand.


Swarming tactics are often employed as part of a greater strategy, however. The oblique order, for example, relies on swarming one flank to overwhelm an opponent’s forces, enabling it to achieve superiority and subsequently destroy the rest of the opponent’s forces. Today’s digital battles increasingly rely on swarming tactics as merely one facet of engagement. Of particular note is the continued growth of DDoS attacks (swarming) as a smokescreen to hide more nefarious activity.

It’s the equivalent of the “hey, what’s that over there?” of a child trying to distract you so s/he can grab the last piece of candy while you aren’t looking. Smokescreen attacks are not new, but they’re becoming more common as attackers use them to distract organizations from their real objectives.

Dark Reading noted this correlation in a recent article:

Nearly half of the impacted organizations say their DDoS attacks coincided with some form of breach or malicious activity on their networks, including data theft and ransomware. For instance, 47% report discovering virus activity on their network after a DDoS attack, 43% cite malware as being activated, and 32% report customer data theft. – Dark Reading, DDoS Attacks Surge, Organizations Struggle to Respond

What’s disturbing is not that half of organizations were hit by such a smokescreen in the past year. In fact, back in 2014 that figure was over half, at 55%. Nor is it the virus/malware rate that’s troubling, as that, too, appears to have seen a decrease from 2014 when it sat at 50% of organizations. What’s increased is the rate of customer data theft. In 2014 that figure stood at 26%. Today, it’s 32%.

Not Just Security’s Problem

That should be troubling not just to infosec pros, but to the business at large. The impact to brands today from loss of customer data goes beyond losing the trust of your customers to losing customers, period. While the digital economy makes it easy peasy, lemon squeezy to reach out and obtain prospective and new customers through free apps in exchange for data, that digital economy makes it just as easy for would-be customers to walk away. Because there’s always another option, and it’s only a click away.

The advantages of a digital economy are that they broaden your audience and, one hopes, your customer base. But the disadvantage is that unlike brick and mortar world, they’re no longer a captive audience. You aren’t the only choice in town anymore. In fact, you’re not the only choice in the county/state/nation, any more. The digital economy is full of opportunities for you – and for those you’re trying to court into becoming customers.

2015 global survey of almost 6000 consumers by Gemalto found that “Nearly two-thirds (64%) of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stole​n, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen.”

If that doesn’t frighten you, perhaps the 23% of respondents who had experienced a breach that said they “either have, or would, consider taking legal action against the breached company involved in exposing their personal information” will.

I’m not suggesting you ignore malware, or viruses, or DDoS attacks. The former often wind up as just another route to pilfering customer data, after all. What we need to do is make sure that we’re prepared for the inevitable DDoS attack so we can focus on the secondary (which are really the primary) attacks that increasingly come with them. Offloading DDoS protection to a cloud-based offering is one way to achieve that. By redirecting responsibility for detecting and preventing volumetric attacks, organizations are left with the resources (both digital and human) to implement and monitor for more nefarious activity like incoming viruses, malware, and pilfering of customer data.

By being prepared and able to defend against DDoS attacks, we can minimize the noise so that we’re better able to detect the real attack that’s silently siphoning off the fuel that powers the digital economy – your customer's data.