Smokescreen
Hackers have increasingly turned to DDoS attacks as a means of diverting IT's attention away from separate, and often times more damaging, behavior. When an attacker damages or completely brings down a company's network, the process for complete remediation can take days. Coupled with the fact that DDoS attacks are highly visible, both externally and internally, returning to business as usual becomes priority one for responders.
With the IT team's attention focused elsewhere, it is easy for otherwise alarming behavior to slip through the cracks. False-positives are already a common headache for those monitoring network activity, and during a time of crisis, it becomes much easier to neglect best practices and allow for incidents such as malware injection or data theft to occur.
You typically don't realize a DDoS attack is being used as a smokescreen for a larger security incident until it's too late. The best defense comes from ensuring that all normal cybersecurity processes are continued in the wake of an attack and never assuming the worst is over.