Ransomware has taken center stage in the cybercrime ecosystem, causing over $1 billion in losses last year around the world and earning criminals hundreds of millions of dollars in profits. At the same time, distributed denial-of-service (DDoS) attacks, which have also traditionally been used to extort businesses, returned in force. Ransomware groups are even using them to put additional pressure on their victims.

According to recent annual reports from different content delivery networks and DDoS mitigation providers, 2020 was a record-breaking year for DDoS attacks, both in the number of attacks and in their size and the number of attack vectors used. This resurgence in DDoS extortion was likely driven by the COVID-19 pandemic, which forced companies to enable remote working capabilities for most of their employees, making them more vulnerable to disruptions of business operations and probably, in the eyes of the attackers, more willing to pay extortion fees.

The trend continued in 2021 with Akamai seeing three of the six biggest volumetric DDoS attacks in history during February and more attacks that exceeded 50 Gbps in the first three months of 2021 than the whole of 2019. The company estimates that attacks over 50 Gbps can take offline most online services that don't have anti-DDoS mitigation due to bandwidth saturation.

The motives behind DDoS attacks are varied, ranging from unscrupulous business owners wanting to disrupt the competition's services to hacktivists wanting to send a message to organizations they disagree with to simple vandalism caused by rivalries between different groups. However, extortion has long been one of the biggest factors driving this type of illegal activity, and arguably the most profitable one because launching DDoS attacks does not require a huge investment. DDoS-for-hire services cost as little as $7 per attack, making them affordable to virtually anyone. In fact, according to application and network performance monitoring firm Netscout Systems, cybercriminals demonstrating their DDoS capabilities to potential customers is the top motivation for such attacks, followed by motives related to online gaming (a popular pastime during the pandemic) and extortion. Attackers also often use DDoS attacks as cover to distract the IT and security teams of organizations from detecting other malicious activities on their networks, such as infrastructure compromises and data exfiltration.

Cases of ransom DDoS (RDDoS) incidents have spiked beginning in August 2020, due to several ransomware groups adopting DDoS as an additional extortion technique but also due to campaigns launched by one particular gang that impersonates other threat actors including state-sponsored groups such as Fancy Bear (Russia) or Lazarus Group (North Korea).

The group, which has been dubbed the Lazarus Bear Armada (LBA), first launches demonstration DDoS attacks that range from 50 to 300 Gbps against selected targets. It then follows up with an extortion email claiming to have 2 Tbps of DDoS capability and demanding payment in Bitcoin. In these emails the attackers claim to be affiliated with groups whose names often show up in media reports to boost their own credibility. In many cases the group doesn't follow up with additional attacks if the ransom is not paid, but sometimes they do. After a while they target the previous victims again.

The group predominantly targets organizations from the financial, retail, travel, and e-commerce sectors from around the world and seems to do reconnaissance and planning. They identify non-generic email addresses that the victim organizations are likely to monitor and they target critical yet non-obvious applications and services as well as VPN concentrators, indicating an advanced level of planning. The group's activities have prompted alerts by multiple security vendors and the FBI.

Unlike groups like LBA that rely only on RDDoS to extort money from organizations, ransomware gangs use DDoS as additional leverage to convince victims to pay the original ransom, much in the same way they use data leak threats. In other words, some ransomware attacks are now a triple threat that combines file encryption, data theft, and DDoS attacks. Some of the ransomware gangs known to use or claim to use DDoS attacks in this way include Avaddon, SunCrypt, Ragnar Locker and REvil.

Just like with ransomware, it's hard to say how many victims of RDDoS actually pay the ransom, but the fact that the number, size, and frequency of these attacks are on the rise suggests the activity is profitable enough. This might be because it has a lower barrier to entry than ransomware itself due to the widespread availability of DDoS-for-hire services whose use doesn't require a lot of technical knowledge.