A survey carried out by Kaspersky Lab and B2B International has demonstrated that, in most cases, a DDoS attack is only the tip of the iceberg. 74 percent of respondents representing the corporate sector reported that DDoS attacks against their companies coincided with other IT security incidents. Sometimes these are not coincidences, but deliberate attempts to distract IT personnel. This approach has been called DDoS smokescreening.
In the survey, respondents most often cited malware (21 percent) and hacking (22 percent) as the number one threats to their companies, while DDoS was chosen as the most dangerous threat by only six percent. At the same time, DDoS attacks often coincide with malware incidents (in 45 percent of all cases), and corporate network intrusions (in 32 percent of all cases). Data leaks were also detected simultaneously with an attack in 26 percent of cases. Construction and engineering companies encountered this problem more often than others: according to respondents, 89 percent of DDoS attacks on these companies coincided with other types of attacks.
However, even without taking collateral damage into account, DDoS attacks remain a serious problem that increasingly affect company resources. Specifically, in 24 percent of all cases a DDoS attack caused services to be completely unavailable (39 percent for government-owned companies). In 34 percent of all cases, some transactions failed due to such attacks (64 percent for transport companies). Last year, these figures were significantly lower: only 13 percent of companies reported that their services had become completely unavailable due to DDoS attacks, while errors in transactions were experienced by 29 percent of companies as a result of such attacks.
Significantly longer page loading times remained one of the most common consequences of DDoS attacks (53 percent this year vs. 52 percent last year); however, according to the survey, attacks can last for days or even weeks.