- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Attackers Increasingly Turning to DDoS as a Ransom Vector
Nearly half (44%) of organizations have been targeted or fallen victim to a ransom-related distributed denial of service (RDDoS) attack in the past 12 months, according to a survey of 313 cybersecurity professionals by the Neustar International Security Council (NISC).
Interestingly, during the same period, a lower proportion (41%) of organizations were targeted by a ransomware attack, suggesting cyber-criminals are increasingly using DDoS attacks as a means of extorting money from victims.
Rodney Joffe, chairman of NISC, SVP and fellow, Neustar, explained: “Rather than spending a lot of time and careful planning on infecting an organization’s network with malware or ransomware, cyber-criminals are taking an easier approach and using DDoS as a ransom vector. For bad actors, launching a DDoS attack is relatively simple and also has the added benefit of being harder to trace back to its origin.”
The research indicates that this is an effective ransom tactic; 70% of organizations hit by RDDoS were targeted multiple times, and 36% admitted they paid the ransom. This compares to 57% of those infected by ransomware being targeted on multiple occasions, with the same proportion (36%) choosing to pay the ransom.
Neustar added that while RDDoS threats have traditionally targeted online industries, attackers are increasingly turning their attention to other sectors, including financial services, government and telecoms.
Worryingly, less than a quarter (24%) of cybersecurity professionals said they were ‘very confident’ in their organization’s knowledge of how to respond to an RDDoS attack. The respondents listed ransomware (70%), DDoS (68%) and targeted hacking (66%) as the most increasing cyber-threats to their organization.
Joffe commented, “It’s common for organizations to feel pressure to pay to get their website back up and running and avoid disruption. However, with attackers targeting the same company multiple times, paying the ransom only makes it more likely that you will fall victim again. Instead, businesses must take an ‘always on’ approach to DDoS security, ensuring that their site remains protected even in the event of an attack.”