A cyber attack that’s most often a diversion

David Pollino
Posted by David Pollino
Security

If you think your business can handle a DDoS attack, ask yourself, “Can we handle a smokescreen?”

Woman's hands typing on a computer keyboard.DDoS attacks are increasingly used as a smokescreen for more devious hacking. Fifty-five percent of businesses hit by a DDoS attack were also victims of theft, according to “Neustar 2014 DDoS Attacks and Impact Report: The Danger Deepens.”

Smokescreening is essentially a diversion. A DDoS, or distributed denial of service, attack bombards a company’s network with incoming data hoping to crash the company’s website. Criminals use DDoS attacks to tie up a company’s IT and security team so they can infiltrate the company’s network and steal private data. In one case, Neustar notes, criminals used DDoS to help steal bank customers’ credentials and take millions of dollars in just 48 hours. Such incidents have caused the FDIC to warn about DDoS as “a diversionary tactic.”

To better prepare for DDoS and smokescreen attacks, I’ve recommended that businesses take the minimum following steps:

1) Establish policies so your IT team or network administrator does not keep DDoS attack secret. Make sure IT notifies senior managers who can then ensure steps are taken to monitor for financial fraud;

2) Educate your staff about DDoS attacks and smokescreening so everyone in your company understands the potential financial risks present during a DDoS attack;

3) When a DDoS attack begins, watch for financial fraud by monitoring your bank accounts;

4) If your Internet access is disrupted by the attack, get to a computer off your network where you can check you bank accounts; and

5) If you suspect financial fraud, contact your financial institution immediately.

Reminder: All comments are moderated prior to publication and must follow our Community Guidelines.

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Change Matters site. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Change Matters site.