Some 80% of enterprises based in Europe foresee DDoS ransom attacks in the next 12 months as a result of inefficient online security protection offered by Internet Service Providers, Corero Network Security announced.
“Our research data indicates that DDoS ransom attack threats are not only increasing in frequency but also being used by cyber criminals in new and creative ways to extract money from victims,” said Dave Larson, COO at Corero Network Security. “For example, low-level, sub-saturating DDoS attacks are usually used as a precursor to ransomware attacks. Because they are so short – typically less than five minutes in duration – they are usually not detected by security teams and allow hackers to find pathways and test for vulnerabilities within a network which can later be exploited through other techniques.”
Following a survey conducted on 100 security professionals at the Infosecurity Europe conference in London, the DDoS ransom threat is growing among businesses in Europe. As a result, 43% of respondents don’t rule out paying ransom should such an attack occur on their organization.
“Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s hackers to turn a profit,” Larson said. “When your website is taken offline, it can cost businesses over $6500 a minute in lost revenue, so it’s understandable why some organizations choose to pay the ransom. But this is a dangerous game, because just a few willing participants encourage these threats to spread like wildfire. Rather than trying to negotiate with criminals, the only way to beat these attacks is to have a robust, real-time DDoS mitigation system in place, which can defend against attacks and prevent downtime.”
While 59% are not confident their current ISP can protect them from attacks, around 24% would certainly blame the attacks on their ISP’s lack of robust solutions. The lack of efficient solutions is a strong reason for most to leave their ISP. Another common concern among most IT security professionals interviewed is that ISPs use net neutrality laws to evade responsibilities in case of DDoS attacks.