DDoS as an Intrusion Smoke screen: Hackers Steal a Page from the Grinch Playbook

December 06, 2017 Mike Frane 3 min

You’re a mean one, Mr. Grinch,1″ begins the holiday classic song. How mean? So mean that his spirit lives on in sophisticated cyberattacks.

?”How the Grinch Stole Christmas” isn’t just about theft. Stealing every present in Whoville was bad enough; that was just a means to a bigger end. The Grinch had more grandiose plans. He wanted to shut down the Christmas experience itself, so his plans ran the gamut, ruining everything from decorations to singing to the Who-roast beast feast.

Whoville’s sole hope in stopping the Grinch was Cindy-Lou Who, the little girl who awoke as the Grinch was plundering her home. Because she was unequipped to deal with the unfolding threat, the Grinch was able to send her back to bed and continue wreaking havoc.

The two sides of that havoc were theft and disruption – a blueprint for today’s aggressive multi-layered cyberattacks that combine distributed denial of service (DDoS) with network intrusion, ransomware, and more.

Cyberattacks follow the Grinch’s lead

The line between data theft and DDoS attacks is blurring as cyber crooks increasingly merge the two.

DDoS attacks are bad enough, shutting down the customer experience and inflicting financial pain through system unavailability and damage to reputation. More and more frequently, the bad guys don’t stop there. They’re using DDoS attacks as a smoke screen to distract IT professionals from simultaneous network intrusions.

In fact, a recent Neustar report found that 24% of companies hit with DDoS attacks this year incurred data theft as part of the same attack – up from 21% last year. The trend of merging data theft with service denial is straight from the Grinch playbook. Thwarting it requires expert assistance.

Don’t Let DDoS plus Intrusion happen to You

Fortunately, enterprises today have sophisticated protection at their disposal. The best DDoS mitigation services take a proactive approach to DDoS monitoring, detection, verification, and mitigation, all performed automatically and without requiring significant IT involvement.

Consider what happened earlier this year at a large Midwestern school district that utilizes Google Classroom, which requires Internet access for curriculum, instructional resources, homework, and testing. The school system fell prey to orchestrated DDoS attacks that overwhelmed its Internet connection for nearly two days. The system’s IT staff knew the attacks were happening but couldn’t stop them. While some students enjoyed the unplanned free time, administrators and teachers were distressed at lost productivity and the potential impact on the school’s academic reputation.

Administrators looked to Windstream for help. Our team implemented and activated our Windstream DDoS Mitigation service that same day – immediately detecting, verifying, and mitigating the attacks to eliminate both downtime and the potential for distraction from a simultaneous data breach. That service today automatically protects the school system from DDoS attacks around the clock – just as it does for a rapidly growing number of enterprises around the country.

The moral of the story: Don’t be an enterprise Whoville. Making DDoS mitigation an integrated element of your enterprise security strategy is your best protection against DDoS attacks. It can also help provide essential cover for network intrusion, and the lingering spirit of the Grinch.

1 “You’re a mean one, Mr. Grinch” .and other Grinch references copyright, Dr. Seuss Enterprises, estate of Theodor Geisel, How the Grinch Stole Christmas; image credit Warner Bros. Entertainment.


When it comes to optimizing mid-market enterprise networks, one size does not fit all