European Businesses Fear DDoS Extortion Attacks: Survey

Thursday, July 07, 2016

Ionut Arghire


Cyber-extortion is becoming a booming business, at least for criminals who threaten companies with distributed denial of service (DDoS) attacks, a recent survey from DDoS protection company Corero reveals.

The report shows that 80% of European businesses expect to be threatened with a DDoS ransom attack during the next 12 months, which reveals a growing trend in cyber-extortion. The survey, conducted among over 100 security professionals at the Infosecurity Europe conference in London, also uncovered that 43% of the targeted companies might give in and pay the ransom.

The report was published just over a month after the City of London Police warned that the cybercrime group known as Lizard Squad had engaged in a new wave of ransom-driven DDoS incidents. The group, which managed to disrupt the gaming services of Blizzard Entertainment in April, demands a 5 Bitcoin ransom from UK businesses and threatens to target them with DDoS attacks if they don’t pay.

The practice isn’t new, and history teaches us that many organizations end up paying the ransom to avoid operational disruption. In February this year, Alastair Paterson, CEO and Co-Founder of Digital Shadows, explained in a SecurityWeek column that extortion is one of the seven cyber threats that any financial services firm should know about.

Last April, Danelle Au, VP of Strategy and Marketing at SafeBreach, pointed out in another SecurityWeek column that extortion was thriving after coming to the digital world. DD4BC (DDoS “4” Bitcoin) and Armada Collective were two actors that led the DDoS extortion trend. Law enforcement managed to find some of the individuals behind the DD4BC group earlier this year.

DD4BC and Armada Collective, which launched short, low-intensity attacks against companies and then demanded a ransom to prevent larger attacks, managed to inspire many copycats. One of them, a group also calling themselves Armada Collective, was found this year to launch only empty threats. Although it managed to extort over $100,000 from potential victims, the group never launched a single DDoS attack, and researchers suggested that they didn’t have the necessary resources to do so.

“Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s hackers to turn a profit. When your website is taken offline, it can cost businesses over $6500 a minute in lost revenue, so it’s understandable why some organizations choose to pay the ransom. But this is a dangerous game, because just a few willing participants encourage these threats to spread like wildfire,” Dave Larson, COO at Corero Network Security, says.

Corero’s report also reveals that 59% of the respondents fear that their Internet Service Provider (ISP) doesn’t offer the necessary protection against DDoS attacks, and 24% of them suggest that the ISP is to blame if a DDoS attack hits. Moreover, 53% of the respondents believe that ISPs are hiding behind net neutrality laws, 21% said they would leave the ISP if they did not offer adequate protection against DDoS, while 58% said they would leave because of poor service.

An 8.7 Gbps Layer 7 DDoS incident observed in April and a 470 gigabits per second (Gbps) DDoS attack observed last month, which leveraged nine different payload (packet) types, show that DDoS attacks continue to rise in power and sophistication. As Corero notes, recent DDoS incidents also mask other types of attacks, such as malware infections, typically ransomware, thus providing cybercriminals with new ways to extort money from their victims.
