Out of 100 IT security professionals attending the Infosecurity Europe conference in London, 80 believe their organisation will be a target of a DDoS attack within the next 12 months, according to a new report.
The report was published by Corero Network Security.
Besides ransomware, in which hackers place malicious code onto a victim’s computer, encrypting all data only to ask for ransom in exchange for the decryption key, DDoS extortions are also growing in popularity.
DDoS extortions work slightly differently – businesses are threatened with a DDoS attack unless they pay up to five bitcoins, or approximately £1,500. If they don’t comply, they risk a DDoS attack which can result in much higher financial losses.
Almost half (43 per cent) of respondents said it was possible their organisation would actually pay a ransom demand.
“Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s hackers to turn a profit,” comments Dave Larson, COO at Corero Network Security.
“When your website is taken offline, it can cost businesses over £5,000 a minute in lost revenue, so it’s understandable why some choose to pay the ransom. But this is a dangerous game, because just a few willing participants encourage these threats to spread like wildfire. Rather than trying to negotiate with criminals, the only way to beat these attacks is to have a robust, real-time DDoS mitigation system in place, which can defend against attacks and prevent downtime.”
“Like old cousins, ransom demands and DDoS are always being used together in inventive new ways to extract money from victims. For example, low-level, sub-saturating DDoS attacks are usually used as a precursor to ransomware attacks. Because they are so short – typically less than five minutes in duration – they are usually not detected by security teams and allow hackers to find pathways and test for vulnerabilities within a network which can later be exploited through other techniques.”