Neustar, a security and analytics company, recently surveyed 760 technology professionals to learn how companies in North America, Europe, the Middle East and Africa manage distributed denial-of-service (DDoS) attacks. A distributed denial-of-service (DDOS) attack is an attempt to render a website or service unavailable by overwhelming it with large amounts of superfluous traffic. A DDoS attack utilizes numerous computers to increase the volume of traffic, either slowing down or forcing the target offline. The report found that half of all the company’s surveyed experienced such an attack in the past two years and 83% of those companies were attacked more than once. 

Since the companies surveyed depend on websites and web-related services as a primary source of their revenue, DDoS attacks which render their web properties slow or inaccessible had a significant impact Over a third of the North American companies which were surveyed would lose over $100K per hour if the attack occurred during peak business hours. Furthermore, the largest companies risked losing an average of $1 million if their website was down during a peak revenue period.  

One of the most interesting aspects of the study is that often times, attacking a company’s customer-facing web properties was a distraction from additional malicious attacks. Often such DDoS attacks were not significant enough in scale to render the web properties unusable, but malevolent enough to disrupt operations and take the focus away from other aspects of network security. The study cites that over 1 in 3 DDoS attacks planted a computer virus within the web property attacked and an additional 40% of targets experienced some form of data theft in addition to the initial attack. 

Mark Tonnesen, CIO and CSO of Neustar, remarked that “In launching such an attack, the attacker accomplishes several things: he disrupts operations, distracts the website and security teams, and makes sure the target network is still operational— that is to say, accessible. Now the attacker can go in and plant malware or a virus, setting the stage for data theft, siphoning funds, or whatever else.”