We all know about DDoS attack being used to temporarily take down targeted websites. But Jordan Robertson at Bloomberg reports that attackers are now using them as a distraction – a means to attack the victim company while their defenses are down in order to steal money, data, and cause other damage. “They’ve become the online equivalent of a common street hustle, with the initial assault being the shiny object that distracts bank security teams long enough to pick customers’ pockets,” the article reads.
Robertson recounts how attackers nabbed tens of millions of dollars from banks over the last year. And what’s worse – the affected banks didn’t learn of the intrusions until getting word from customers and investigators. Sadly, this is all too common: the most recent Data Breach Investigations Report from Verizon shows that the majority of breaches, 69 percent, are detected by third parties.
Something needs to change to enable companies to catch these breaches themselves, and much quicker. One expert calls for a change in monitoring, leading with role-based technology to catch threats in real-time. Read more on that in our previous post, Infographic: The Future of Security Monitoring.