SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
RDDoS attacks more prevalent than ransomware - 70% of organisations targeted multiple times
Fri, 13th Aug 2021
FYI, this story is more than a year old

Research finds RDDoS attacks are a more significant threat to organisations than ransomware.

According to new research from the Neustar International Security Council (NISC), over two-fifths of organisations have been victims of a ransom-related distributed denial of service (RDDoS) attack in the last 12 months.

During the same period, fewer organisations (41%) reported being on the receiving end of a ransomware attack.

Of the organisations hit by RDDoS in the last year, 70% said they had been targeted multiple times, with 36% opting to pay the ransom. In comparison, 57% of ransomware victims reported being targeted more than once, with more than a third (36%) choosing to payout.

Neustar had recently highlighted a rise in RDDoS attacks in its report, Cyber Threats and Trends: Pandemic Style. The report, informed by data from Neustar's Security Operations Center, revealed a surge in the frequency, persistence and sophistication of RDDoS threats.

It found attackers to be broadening their targets. Threat actors are increasingly targeting a wider variety of sectors, including financial services, government, and telecoms. The perpetrators are often aligned with powerful nation-state hacking groups or claim to be.

In late 2020, a major Fortune Global 500 company was targeted by hackers claiming to be North Korean state-backed Lazarus Group. And in June's larger wave of DDoS extortion campaigns, attackers claimed to be from Lazarus Group or Russian state-backed Fancy Bear. In both cases, the businesses received extortion emails demanding Bitcoin payments.

“Rather than spending a lot of time and careful planning on infecting an organisation's network with malware or ransomware, cybercriminals are taking an easier approach and using DDoS as a ransom vector,” says Neustar chairman of NISC, SVP and Fellow, Rodney Joffe.

“For bad actors, launching a DDoS attack is relatively simple and has the added benefit of being harder to trace back to its origin.

Only a quarter (24%) of cybersecurity professionals reported feeling very confident in their organisation's understanding of how to respond to an RDDoS attack.

Joffe says paying a ransom should be avoided at all costs.

“It's common for organisations to feel pressure to pay to get their website back up and running and avoid disruption,” he says.

“However, with attackers targeting the same company multiple times, paying the ransom only makes it more likely you will fall victim again. Instead, businesses must take an ‘always on' approach to DDoS security, ensuring their site remains protected even in the event of an attack.

Between May and June 2021, security professionals found ransomware (70%), DDoS (68%), and targeted hacking (66%) as the biggest threats to their organisation.