14 DAY TRIAL // 74% of the companies that recorded a DDoS attack claim that they also noticed a disruption of other services, making them believe the attack was used to hide a more serious intrusion, as a recent Kaspersky Lab survey shows.
According to Kaspersky, attackers have started to use different types of attack points together, with the hopes of distracting IT and security staff from their real target.
The survey shows that malware infections are usually the main side effect of DDoS attacks, 45% of the respondents acknowledging to this happening, while 32% say they also experienced network intrusions or some other kind of hacking events.
Half of DDOS attacks disrupt the company's normal operation
The data also points out that 50% of all companies affected by a DDoS attack see a performance dip for their services, while 24% claim that DDoS attacks usually brings down their entire infrastructure.
Additionally, 31% of the companies experiencing DDoS attacks also see non-sensitive information being extracted from their system, while 26% report that sensitive business data is being lost during this kind of incidents.
Asked to detail or speculate on the source of the DDoS attacks, most companies attributed them to criminals trying to disrupt operations (28%), criminals trying to mask other intrusions (18%), criminals trying to extort the company (17%), competitors (12%), and political activists (11%).
Most of the DDoS attacks targeted companies working in telecommunications (24%), finances (22%), IT&software (21%), government (18%), manufacturing (18%), and utilities&energy (18%).
Most DDoS attacks land on the company's public-facing website
47% of the attacks targeted the victim's public website, 38% of the time the DDoS targeted a customer portal or login page, 37% of attacks targeted communications services, while the other attacks were on file servers (27%), transactional services (24%), and operational systems (15%).
As for the duration of the attacks, the most common ones lasted only for a few hours (35%), 10 minutes to an hour (21%), a whole full day (14%), but also less than 10 minutes (10%). Most severe cases were businesses which reported attacks that lasted 2 days to a week (9%), or even several weeks or longer (7%).
On average, large companies lost around $417,000 / €365,000 per attack, while small-to-medium business lost $53,000 / €46,400.
The Denial of Service: How Businesses Evaluate the Threat of DDoS Attacks survey was conducted on around 5,500 companies from 26 countries, and is available for download.
