Corero surveyed some 100 IT security professionals at the InfoSecurity Europe conference in London last month, and their outlook on the DDoS threat is bleak. Many of the survey respondents expect to see a significant escalation of DDoS attacks during the year ahead, with 38% predicting that there could even be worldwide Internet outages during 2017. But reassuringly, the majority of security teams (70%) are already taking steps to stay ahead of these threats, such as putting business continuity measures in place so that their organizations can continue operating in the event of worldwide attacks.
Nearly three-quarters of respondents (73%) expect regulatory pressure to be applied against ISPs who are perceived as not protecting their customers against DDoS threats. Interestingly, though, only a quarter of those surveyed (25%) believe their ISP is to blame for not mitigating DDoS attacks. Most of those surveyed (60%) consider their own security teams to be responsible.
The motives of DDoS attackers vary: making a political statement, conducting an act of cyberwar, competing with other hackers for “bragging rights,” or extorting money from targets. Despite continued discussion of nation state attackers, security professionals believe that criminal extortionists are the group most likely to launch a DDoS attack against their organizations: more than a third of respondents (38%) expect the next DDoS attack to be financially motivated. By contrast, just 11% believe that hostile nations would be behind a DDoS attack against their organization.
This financial motivation explains why almost half of those surveyed (46%) expect to be targeted by a DDoS-related ransom demand over the next 12 months. DDoS-ransomware attacks are definitely on the rise, partly because such attacks are easy to launch and lucrative. In such a scenario, hackers launch a sub-saturating, low-volume DDoS attack that distracts IT staff while the hackers break through the firewall to install ransomware.
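Because a sub-saturating attack never fills the pipe, a monitor that only alarms on link saturation will miss it. The following is an added defender-side example, not code from Corero or from the survey; it assumes flow summaries of the form (timestamp in seconds, destination IP, packet count), learns a per-destination baseline from the first few windows, and flags a sustained rise above that baseline that stays well below the assumed link capacity as "sub-saturating", separately from an outright volumetric flood. The flow records, the link capacity and the thresholds are constructed values for illustration.

```python
"""Flag sustained sub-saturating traffic spikes per destination from flow summaries.

Added example with constructed data; thresholds and link capacity are assumptions.
"""
from collections import defaultdict
from statistics import median

WINDOW_SECONDS = 10          # bucket size for rate calculation
LINK_PPS = 100_000           # assumed link capacity in packets/second (hypothetical)
SATURATION_FRACTION = 0.5    # at or above this share of LINK_PPS we call it volumetric
BASELINE_WINDOWS = 3         # leading windows used to learn the normal rate
SPIKE_MULTIPLIER = 4.0       # a window is a spike if pps >= multiplier * baseline
MIN_CONSECUTIVE = 2          # a sub-saturating spike must persist this many windows

# Constructed flow summaries: (timestamp_seconds, dst_ip, packets). Not real traffic.
SAMPLE_FLOWS = [
    # 10.0.0.5: quiet at 50 pps, then a steady 800 pps for three windows, then quiet.
    (1, "10.0.0.5", 500), (11, "10.0.0.5", 500), (21, "10.0.0.5", 500),
    (31, "10.0.0.5", 8000), (41, "10.0.0.5", 8000), (51, "10.0.0.5", 8000),
    (61, "10.0.0.5", 500),
    # 10.0.0.9: flat 60 pps throughout; must not alert.
    (2, "10.0.0.9", 600), (12, "10.0.0.9", 600), (22, "10.0.0.9", 600),
    (32, "10.0.0.9", 600), (42, "10.0.0.9", 600), (52, "10.0.0.9", 600),
    (62, "10.0.0.9", 600),
    # 10.0.0.7: quiet at 40 pps with a single volumetric window at 90,000 pps.
    (3, "10.0.0.7", 400), (13, "10.0.0.7", 400), (23, "10.0.0.7", 400),
    (33, "10.0.0.7", 400), (43, "10.0.0.7", 900_000), (53, "10.0.0.7", 400),
    (63, "10.0.0.7", 400),
]


def bucket_rates(flows, window_seconds=WINDOW_SECONDS):
    """Return {dst: [packets per second for each window from t=0]}."""
    counts = defaultdict(lambda: defaultdict(int))
    last_window = 0
    for ts, dst, packets in flows:
        w = int(ts // window_seconds)
        counts[dst][w] += packets
        last_window = max(last_window, w)
    # Windows with no records count as zero traffic.
    return {
        dst: [per_window.get(w, 0) / window_seconds for w in range(last_window + 1)]
        for dst, per_window in counts.items()
    }


def detect(flows):
    """Return alerts sorted by destination; each is a dict with dst, start, end, peak_pps, kind."""
    alerts = []
    for dst, series in bucket_rates(flows).items():
        if len(series) <= BASELINE_WINDOWS:
            continue  # not enough history to learn a baseline
        baseline = max(median(series[:BASELINE_WINDOWS]), 1.0)
        threshold = SPIKE_MULTIPLIER * baseline
        run = []  # consecutive spike windows as (window_index, pps)

        def flush():
            if not run:
                return
            peak = max(pps for _, pps in run)
            kind = "volumetric" if peak >= SATURATION_FRACTION * LINK_PPS else "sub-saturating"
            # A volumetric window is reported immediately; a sub-saturating rise must persist.
            if kind == "volumetric" or len(run) >= MIN_CONSECUTIVE:
                alerts.append({"dst": dst, "start": run[0][0], "end": run[-1][0],
                               "peak_pps": peak, "kind": kind})
            run.clear()

        for w in range(BASELINE_WINDOWS, len(series)):
            if series[w] >= threshold:
                run.append((w, series[w]))
            else:
                flush()
        flush()
    return sorted(alerts, key=lambda a: a["dst"])


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The point of the two classes is operational: a volumetric alert is what most DDoS tooling already raises, while the sub-saturating alert is the one that deserves a second look at what else is happening on the perimeter (firewall logs, authentication failures, new outbound connections) during the same windows, since a modest flood that persists for several windows is exactly the profile the text describes as a distraction.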
A cause for concern is that 62% believe it is likely or possible that their leadership team would pay a ransom. Caving in to a ransom demand is a bad idea, for several reasons:
- First of all, it invites more ransomware attacks on your organization; if a target organization gives in to ransom demands, word will most likely spread on the Dark Web about that organization, making it more likely that it will be targeted again. You’ll self-identify as easy prey, so to speak.
- It also sends the wrong message to extortionists and would-be extortionists; by helping criminals make money it encourages other hackers to launch similar attacks on other organizations. At some point the message to hackers must be, “crime doesn’t pay.”
- There’s no guarantee hackers will let you off the hook. If they really do have the ability to cripple your network, they could just up the ante and demand more ransom. Or, worse, they might attack your network anyway, even if you pay the ransom.
- Lastly, the threat may be a hoax; there are some hackers out there who are just posers looking to make a quick buck off of someone’s fear.
It is less expensive for organizations to be proactive by investing in anti-DDoS and ransomware protection. It is better to guard against such extortion up front than to face the financial and logistical consequences of a ransomware attack.
For more information, contact us.