One cybersecurity firm’s telemetry shows an increase in the use of DDoS attacks to mask infiltration or exfiltration attempts

A cybersecurity firm has discovered a new trend: Distributed Denial of Service (DDoS) attacks have increasingly been launched as a smokescreen for other concurrent malware activities elsewhere in the network.

In these complex multi-vector incidents, DDoS attacks are launched to divert attention from ongoing infiltration or data exfiltration activity. While security teams are devoting resources to respond to the DDoS attack(s), the other malicious activities may then go undetected or unaddressed.

According to customer telemetry from StormWall, the number of DDoS attacks used as a smokescreen increased by 28% globally in January 2023 compared to the same period in 2022.

By industry, the increases were 71% among clients in the fintech sector, 51% in retail and 47% in the gaming sector. The education industry saw a 16% rise, and healthcare and telecom clients saw increases of 14% and 8% respectively in the same period. By country, customers in the US saw a 32% increase, while those in China and the UK saw surges of 25% and 17% respectively.

Fintech clients were the worst hit in January this year, as data stolen from the sector can be used for social engineering, extortion or blackmail. Additionally, some attackers launched website defacement attacks on this sector as a diversion.

According to the firm’s co-founder and CEO, the use of advanced anti-DDoS solutions would free up resources when security teams tackle attacks, giving them additional time to focus on defending systems from other threats: “When it comes to preventing multi-vector attacks disguised with DDoS, having automated DDoS protection will free up the cybersecurity team to focus on other threats. Also, regular IT infrastructure security audits should be conducted. This will help identify any potential bottlenecks that increase the risk of a DDoS attack.”