Andrea Danti - Fotolia

DD4B cyber extortion gang ramps up operations

Cyber criminals using DDoS attacks to extort funds from victims are carrying out more attacks despite a $26,000 bounty

A gang using distributed denial of service (DDoS) attacks to extort bitcoins since July 2014 is ramping operations despite a bounty of $26,000, according to Arbor Networks.

The gang, calling itself DD4BC (DDoS for Bitcoin), has been rapidly increasing the frequency and scope of its DDoS extortion attempts, shifting from targeting Bitcoin exchanges to online casinos and betting shops and, most recently, prominent financial institutions in the US, Europe, Asia, Australia and New Zealand.

The UK and Swiss computer emergency response teams (Certs) issued guidance in May 2015 after DD4BC started targeting financial institutions.

“Other verticals receiving extortion threats include internet service providers [ISPs] and publishers, all of which suggests the attacker is diversifying attempts to generate funds,” said Curt Wilson, a senior research analyst in the Arbor Security Engineering Response Team (ASERT).

Attacks by DD4BC continue with a higher volume of extortion letters continue being sent as of mid-late May and early June 2015, with extortion demands increasing to 100 bitcoins ($24,000) depending on the targeted vertical, said a recent threat report by ASERT.

According to Arbor, DD4BC initial warning or assessment attacks are smaller and typically range from 10-15 Gbps, with the full attack launched after the victim refuses to pay the extortion demand reported as high as 40-60 Gbps.

DD4BC has consistently advertised 400-500 Gbps of DDoS capacity, yet if this capacity is available it is not being used. The more likely scenario is that capabilities are being overstated, said Arbor.

However, the ASERT threat report said organisations should be aware the potential for attacks of 400 Gbps or more exists in the overall DDoS threat landscape, even if this threat actor does not wield such capabilities at this time.

Despite the overstating of capabilities, Arbor said organisations that are not prepared are highly likely to experience outages, with the bulk of attacks by DD4BC being simple service discovery protocol (SSDP) and network time protocol (NTP) reflection/amplification attacks, the occasional TCP SYN-flood and, most recently, Wordpress XML-RPC reflection/amplification attacks.

Read more about DDOS attacks

  • Distributed denial-of-service (DDoS) attacks could expose 40% of businesses to losses of£100,000 or more an hour at peak times.
  • All indications show DDoS attacks are increasing in variety, number and size.
  • Cyber threats evolve at the same pace as technology and denial-of-service attacks are no different.
  • Employ a mix of internal and cloud-based DDoS mitigation controls to minimise business disruptions from these increasingly complex attacks.

While the potential for threat actor evolution and increased DDoS capability is present, the ASERT report said well-prepared organisations should not have any trouble defending against such attacks if they use a combination of organic detection, classification, traceback and mitigation techniques and cloud-based DDoS mitigation services.

However, a survey conducted at Infosecurity Europe 2015 in London in June revealed complacency about DDoS attacks is putting businesses at risk.

Investment in specific DDoS protection is relatively low, the survey found, with attention turning to application data breaches, network attacks and malware, despite 60% of respondents saying they are worried about DDoS attacks.

Both Cert-UK and GovCert in Switzerland recommend any organisations targeted by DD4BC should file a criminal complaint with local law enforcement organisations.

Read more on Hackers and cybercrime prevention

Data Center
Data Management