Where There's Smoke Theres A DDoS Attack

the attacked resources available again as quickly as possible. Second, they will look into options to minimize the damage in every way. At this point, the technical support service will already be snowed under with urgent requests. Frustrated customers will be calling the company to try and understand what is going on. Faced with the impossibility of getting the service they need or the inability to make a payment, they are upset, to put it mildly! Some customers will start writing angry emails, which the already overloaded technical support staff will have no time to answer. The absence of a response will make the customers even angrier. They will begin to criticize the company on social networking sites. This cannot go unnoticed, especially by employees responsible for the company’s customer service and brand reputation. These employees will need the technical specialists to provide an answer to the question, "When will this situation be resolved?" While all of this chaos unfolding, it is now much easier for the attackers to bypass the company’s protection system and remain unnoticed.

This attack method is called DDoS Smokescreening and can be used for different purposes. Sometimes the "smokescreen" attack is launched to hide the traces of a large fraudulent money transfer. With the company’s IT specialists distracted, attackers can place their malware directly into the local network or even a company's branch offices, where IT infrastructure is managed from the head office. If the IT security team is focused on a DDoS attack, they may not notice a data leak from a remote office until it’s too late. In some cases, a DDoS attack has been used as a screen for simple theft. For example, on one occasion criminals attacked a bank and then quietly stole almost one million dollars from the account of one of the bank’s clients.

“Today, it's relatively cheap to commission a DDoS attack. A variety of methods and a large number of vulnerable servers enable cybercriminals to organize powerful and inexpensive DDoS attacks”

If the hackers are skillful enough, the traces of their activity will not be detected until much later (if ever), meaning they cannot be unequivocally associated with the DDoS attack. At the same time, this kind of attack on a company— including those organized under a DDoS smokescreen—leads to very serious consequences. According to a study conducted by Kaspersky Lab and B2B International, a targeted attack on a company can result in the loss of $84,000 on average for small and medium businesses, and up to $2.5 billion for large corporations.

To prevent a DDoS attack and deprive the fraudsters of the opportunity to use it as a "red herring," companies are advised to take preventative protection measures. The options include a hardware security solution forming part of the company's IT infrastructure, or traffic cleaning services from a service provider or a third-party that can filter traffic through special filtering servers.

These methods both have advantages and disadvantages. However, the hardware option has long been obsolete as it cannot protect against attacks that aim to overload information channels rather than client servers. Instead, the most effective approach is a hybrid method of protection such as Kaspersky DDoS Protection, which combines several technologies.

In companies that use this hybrid protection method, the crisis prompted by a DDoS attack will develop very differently. The attack itself will not be detected by the IT department— or worse, the customers—but by a sensor that monitors statistical changes in data flows. After registering a suspicious abnormality, this sensor will send a request to switch the traffic flow to a pre-agreed alternative route going through “cleaning centers.” This means the company’s IT security specialists will not need to divert their attention to flows of junk traffic, but can focus on trackingthe suspicious network activity that heralds a hacker attack –in other words, they can concentrate on doing their job.