ake78 (3D & photo) - Fotolia

Businesses blame rivals for DDoS attacks

Industrial sabotage is considered to be the most likely reason behind a distributed denial of service attack, a study has revealed

More than 40% of businesses hit by a distributed denial of service (DDoS) attack worldwide believe their competitors were behind it, research by Kaspersky Lab and B2B International has revealed.

Rival firms are considered more likely culprits than cyber criminals, which were cited as suspects by just 38% of DDoS victims on average.

Industrial sabotage is considered to be the most likely reason behind a DDoS attack, coming out higher than political conspiracy and personal vendettas against a business.

Typically, DDoS attacks target web servers and aim to make websites unavailable to users. Although no data is stolen, the interruption to the service can be costly in terms of lost business damage to reputation.

For example, a massive DDoS attack on Luxembourg’s government servers that started on 27 February 2017 reportedly lasted more than 24 hours, and affected more than a hundred websites.

The joint Kaspersky Lab, B2B International study, which polled 4,000 businesses in 25 countries, found that only 20% of DDoS victims overall blamed foreign governments and secret service organisations, with the same proportion suspecting disgruntled former employees.

Companies in Asia Pacific are the most suspicious of competitors, with 56% blaming their rivals for DDoS attacks and 28% blaming foreign governments. Personal grudges also carry more suspicion in the region too, with 33% blaming former staff.

Read more about DDoS attacks

In Western Europe, only 37% of companies suspect foul play by their competitors, with 17% blaming foreign governments.

Looking at attitudes by business size, businesses at the smaller end of the scale are more likely to suspect their rivals of staging an experienced DDoS attack.

The study found that 48% of small and medium business representatives believe this to be the case compared with only 36% of enterprises. In contrast, respondents from big companies put more blame on former employees and foreign governments.

“DDoS attacks have been a threat for many years, and are one of the most popular weapons in a cyber criminals’ arsenal,” said Russ Madley, head of B2B at Kaspersky Lab UK.

“The problem we face is that DDoS attacks can be set up cheaply and easily, from almost anyone, whether that be a competitor, a dismissed employee, socio-political protesters or just a lone wolf with a grudge.

“It’s therefore imperative that businesses find an effective way to safeguard themselves from such attacks,” he said.

Significant advances in DDoS attacks

There were significant advances in DDoS attacks in the last quarter of 2016, according to Kaspersky, with the longest DDoS attack in lasting 292 hours or 12.2 days, which set a record for 2016 and was significantly longer than the previous quarter’s maximum of 184 hours.

The last quarter of 2016 also saw the first massive DDoS attacks using the Mirai IoT (internet of things) botnet technology, including attacks on Dyn’s Domain Name System (DNS) infrastructure and on Deutsche Telekom, which knocked 900K Germans offline in November.

There were also similar attacks on internet service providers (ISPs) in Ireland, the UK and Liberia, all using IoT devices controlled by Mirai technology and partly targeting home routers in an attempt to create new botnets.

Stakeholders recognise lack of security in IoT devices

According to Kaspersky, stakeholders worldwide, in particular in the US and EU, recognise the lack of security inherent in the functional design of IoT devices and the need to set up a common IoT security ecosystem.

Kaspersky expects to see the emergence of further Mirai botnet modifications and a general increase in IoT botnet activity in 2017.

Researchers at Kaspersky Lab also believe that the DDoS attacks seen so far are just a starting point initiated by various actors to draw up IoT devices into the actors’ own botnets, test drive Mirai technology and develop attack vectors.

First, they demonstrate once again that financial services like the bitcoin trading and blockchain platforms CoinSecure of India and BTC-e of Bulgaria, or William Hill, one of Britain’s biggest betting sites, which took days to come back to full service, were at the highest risk in the fourth quarter and are likely to remain so throughout 2017.

Second, cyber criminals have learnt to manage and launch very sophisticated, carefully planned, and constantly changing multi-vector DDoS attacks adapted to the mitigation policy and capacity of the attacked organisation.

Kaspersky Lab’s analysis shows that the cybercriminals in several cases tracked in 2016 started with a combination of various attack vectors gradually checking out a bank’s network and web services to find a point of service failure. Once DDoS mitigation and other countermeasures were initiated, researchers said the attack vectors changed over a period of several days.

DDoS enters its next stage of evolution

Overall, they said these attacks show that the DDoS landscape entered the next stage of its evolution in 2016 with new technology, massive attack power, as well as highly skilled and professional cyber criminals.

However, the Kaspersky researchers note that unfortunately, this tendency has not yet found its way into the cyber security policies of many organisations that are still not ready or are unclear about the necessary investments in DDoS protection services.

Read more on Business continuity planning