Analysis: Why CIOs should fear DDoS

Distributed denial of service (DDoS) attacks are costly for businesses; in terms of lost revenue, the need to invest in new cyber defences, and potential extortion fees. But most costly of all could be their use as a decoy for other assaults.

Gartner analyst Anton Chuvakin told Computing that his recent research into DDoS attacks found a few examples where they had been used to facilitate data theft.

"It appears that the main purpose of the attacker was to distract the team investigating the data theft as well as overwhelm the systems the investigators may use to collect and analyse the evidence of the attack.

"Specifically, the attacker might have needed a certain window to make use of the stolen data, and only needed to delay the investigation by that time," he said.

According to John Roberts, head of managed services at network services provider Redstone, there are four main forms of attack that could be used alongside a DDoS assault to exploit a business's systems.

"There are DDoS viruses such as Cascade, Tequila and Frodo, which in the past were used to spread an attack. Then there is the use of a Trojan horse, which is software typically disguised as useful shareware or freeware. Users will consciously put it onto their system, not knowing what it really is," he explained.

Roberts said that a Trojan contains a backdoor to the users' systems and may even include a set of triggers.

"A trigger can be set for a certain date or time and this will initiate a sequence of events, possibly including a DDoS attack, which can bring the network down," he said.

[Turn to next page]