DDoS victims are often willing to pay out ransoms, says study

cybersecurity, 2017, Accenture Security

The threat that a business could become the victim of a ransomware-based Distributed Denial of Service (DDoS) attack continues to rise, with some security experts predicting that worldwide or large regional outages could take place.

But what’s even more disturbing is a new report from Corero, which found that 62% of respondents believe it is likely or possible that their leadership team would pay.

“The feeling is that some management teams would actually pay out those ransom requests, which we find to be completely ridiculous,” said Stephanie Weagle, VP of Network Security for Corero, in an interview with FierceTelecom. “That’s a bit disheartening to think that the industry is actually thinking in that way when the reality is proactive mitigation against these types of attacks will eliminate the need to even think twice about a ransom attack.”

The vendor found that over a third (38%) of respondents to the survey, which polled around 100 security professionals at the Infosecurity Europe conference in London, said that the next DDoS attack will be financially motivated.

Although flags have been raised about nation state attackers, security professionals say that criminal extortionists are the most likely group to inflict a DDoS attack against their organizations, with 38% expecting attacks to be financially motivated.

By contrast, only 11% believe that hostile nations would be behind a DDoS attack against their company.

Corero said that the financial motivation explains why almost half of those surveyed (46%) expect to be targeted by a DDoS-related ransom demand over the next year.

Finding hidden attacks

Large-scale DDoS attacks that have taken place at internet companies like Dyn in recent years may get all of the attention, but Corero said security experts are just as worried about a growing tide of smaller, low-volume DDoS attacks of less than 30 minutes in duration.

These "Trojan Horse" DDoS attacks typically go unmitigated by most legacy DDoS mitigation solutions but are frequently used by hackers as a distraction mechanism for additional attacks.

“What we find is those short attacks are less than 10 minutes in duration and less than 10 Gbps in volume and attacks of that scale often go undetected or unmitigated because they’re so short,” Weagle said.

According to Corero’s survey, less than a third (30%) of IT security teams have enough visibility into their networks to mitigate attacks of less than 30 minutes.

But a much larger share of respondents (63%) are also worried about the hidden effects of these attacks on their networks, such as undetected data theft, particularly with the General Data Protection Regulation (GDPR) deadline fast approaching, where organizations could be fined up to 4% of global turnover in the event of a data breach.

Service providers step up

As these DDoS attacks continue to rise, the question is what role do service providers play in helping to mitigate them?

Corero found that nearly three-quarters of respondents (73%) expect regulatory pressure to be applied against ISPs who are perceived to be not protecting their customers against DDoS threats.

However, only a quarter of those surveyed (25%) believe their ISP is to blame for not mitigating DDoS attacks. Most of those surveyed (60%) consider their own security teams to be responsible.

“These organizations are really looking back to their ISPs to handle this problem before it gets downstream to the enterprise itself,” Weagle said.

A number of service providers have begun taking one of two approaches: some offer a DDoS mitigation service as part of their subscription, while others charge a premium for the service.

“This is becoming more of a norm across the service provider community, whether they believe it is something that should be included or something they monetize,” Weagle said. “They are taking DDoS more seriously and how their customers are impacted by it.”