Ransom-related DDoS attacks rise from the dead as attack vectors diversify
DDoS extortion is back…
ANALYSIS: Growth in ransom-related DDoS (RDDoS) attacks has been accompanied by growing sophistication and diversity in attack vectors over the last year, according to a range of security vendors quizzed by The Daily Swig.
Types of distributed denial-of-service (DDoS) attacks can include volumetric, protocol-based, and application-based assaults. Many are slung from so-called botnets of compromised computers, mobiles, or IoT devices.
Means, motive, and opportunity
The most common motives for launching a DDoS attack and jamming an adversary's or competitor's web performance include extorting victims for financial gain and creating a decoy for another cyber-attack.
Bindu Sundaresan, director at AT&T Cybersecurity, told The Daily Swig: “Motives today can include an interest in obtaining a financial reward, making an ideological statement, creating a geopolitical advantage, or exacting revenge for particular government action, corporate campaign, or policy stance.”
Pay up or say goodbye to your network resources
David Elmaleh, senior product manager of edge services at cloud and network appliance security vendor Imperva, told The Daily Swig that RDDoS campaigns motivated by financial gain saw a considerable increase in 2020.
“We saw RDDoS threats targeting thousands of large commercial organizations globally, not least the financial services industry,” Elmaleh explained.
“Of the RDDoS we’ve monitored, the extortionists leverage the names of well-known threat actor groups in their ransom messages to demand payment in bitcoin currency to prevent a DDoS attack on their target’s network.”
For example, Imperva reports that one group using the name ‘Lazarus’ threatened to launch a DDoS attack against an entire network if a ransom was not paid within six days.
“Once the attack has started, a payment of 30 bitcoin (approximately $328,000) will stop it, with an additional 10 bitcoin ($110,000) demanded for each day the ransom remains unpaid,” according to Imperva’s Elmaleh.
“The extortionist also threatened to begin a small DDoS attack on the company’s main IP…