Another alternative, Roberts said, is a computer worm, which is a form of malware that spreads to other computers; he claimed this was a "combination of a virus attack and a DDoS attack" that could bring down a business's mainframe or networks. Unlike other attacks, it only affects certain systems and is benign to others – therefore even if an enterprise's corporate network goes down, the email functions may still work.
"There can also be malicious sites sitting out there that trigger your web browser to perform unwanted functions in your system," he added.
A fifth form of attack sometimes seen alongside a DDoS assault is an advanced persistent threat (APT). APTs are generally sophisticated forms of attack from tenacious cyber groups who won't give up until the hack is successful.
But why would a hacker need to use another form of attack in addition to DDoS on a targeted business?
The answer is often financial.
"DDoS can flood a system and stop it working but if you look at Trojan horses, websites and worms, these are not just about bringing down the system, these are used to copy and steal data, valuable files or services from users," Roberts explained.
This data can then be sold on, ransomed back to the business, or used in other ways to profit the attackers.
Jeff Aliber, senior product marketing manager at Kona Security Solutions Akamai, added that an application layer attack like an SQL injection or cross site script is also widely used to break into an application and steal data, while a DDoS attack is launched as a diversion.
But while the attacks may be used simultaneously, they would still be separate assaults, Ovum analyst Andrew Kellett told Computing.
[Turn to next page]
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed