DDoS Attacks an Increasing Cover for Fraud

A new report from telecommunications and DNS service provider Neustar indicates a growing trend of using DDoS as a cover for malware attacks resulting in significant monetary losses for not only enterprises, but consumers as well.

Rodney Joffe, senior vice president and senior technologist, said Neustar has been able to verify with a number of its customers that they’ve also suffered loss of intellectual property or financial fraud in parallel attacks done under the cover of DDoS.

“If a DDoS runs for a short period of time, you’ve got look at it as to whether they’re there to cover something up,” Joffe said. “You dig under the covers and discover theft of intellectual property or financial fraud. The bad guys are using this effectively.”

Joffe said that a typical scenario involves DDoS against a bank that has already been compromised by some sort of financial malware such as Zeus or its offshoot Citadel, affording the hackers the opportunity to transfer funds from accounts.

The DDoS attack serves a twofold purpose; not only to keep security operations busy trying to squelch the attack and restore services, but also to keep customers from logging in to accounts and learn that funds are missing.

“It looks like a DDoS against the bank, but it’s designed to cover transfers made by the attackers,” Joffe said, who said that sometimes DDoS attacks are also carried out against an organization’s VoIP phone systems in order to keep customers from reaching help internally.