Holding businesses to ransom and threatening to flood their servers and cause massive disruption is a fairly recent development in the way cyber criminals operate, but one that is rapidly becoming a major headache for those firms targeted.
Earlier this week there were warnings from a leading insurance company that cyber threats were evolving to become more focused on causing business disruption, with potentially catastrophic consequences for an organisation.
Just days later, evidence of what such a business-disrupting attack can look like has emerged. A report from Akamai has charted the activities of a gang called DD4BC, which has been threatening firms in the finance sector.
The gang’s modus operandi appears to be to threaten to launch an attack which will cripple the victim’s servers unless a ransom in Bitcoins worth around £8,000 is paid. If the money is not paid then the victim would be named and shamed on social media by the criminals, adding the threat of damage to brand reputation.
According to Akamai research, there have been 114 attacks in the last six months alone as the gang works its way through the financial services industry. DD4BC was first spotted last year operating its extortion scam, targeting various customers in the media, entertainment, online gaming and retail sectors as well as the finance market.
“DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks,” said Stuart Scholly, senior vice president and general manager, security division at Akamai.
“The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly,” he added.
Customers are going to turn to their resellers for help and need to be told what could be done: deploying anomaly- and signature-based DDoS detection methods, distributing resources to reduce the chances of a single point of failure, and implementing a Layer 7 DDoS mitigation appliance on the network.
The chances are that this sort of attack is going to increase because of the success that the cyber criminals have had so far in extorting money from victims.
Others in the security industry have also been following the activities of DD4BC and have already been issuing their channel partners with advice that they can pass on to customers.
With many customers relying on ageing firewalls to protect them from denial of service attacks, there is a pressing need for some investment, as well as for a strategy to deal with the issues.
Just as most companies are encouraged to develop a disaster recovery plan, the same principles apply to a DDoS attack: the best preparation advice is to create a response team and a plan, and to perform risk assessments.
There is an opportunity for the channel to help customers identify where the risks are in the current network and to identify the vulnerable points of entry where an attack could be launched.
Marc Gaffan, general manager for the Incapsula service at Imperva, said that the idea of using the threat of a denial of service attack as a ransom demand had been around for a while, but the dynamics of the latest incidents had changed slightly.
“Online extortion using DDoS, unfortunately, is not a new phenomenon. Customers have been receiving so-called ransom notes for years now. The advent of Bitcoin has made payment even less traceable, which has made DDoS extortion even more popular with cyber criminals,” he said.
He believed that those firms that were targeted by cyber criminal gangs should try to hold out against paying a ransom.
“We do not recommend companies pay ransom notes. There is no guarantee criminals will stop the attack. And, paying may also make you a “mark,” and criminals may come back for more. Companies should get protection from DDoS attacks, and basic plans typically cost less than half of the £8,000 ransom request,” he added.