Banks, Media Firms Targeted By Cyber Extortionists DD4BC
DD4BC gang threatens businesses with DDoS attack unless they cough up £8,000 worth of Bitcoins
A cyber extortion gang is increasingly targeting banks, media groups, retailers and gaming firms with ransom demands, security firm Akamai has warned.
Failure to pay a 50 bitcoin (£8,000) ransom results in the victim’s server being bombarded in a Distributed Denial of Service (DDoS) attack that can reach more than 50 gigabits of data a second, a new report from the company claims.
Increasing Activity
Akamai says that the hacker group, called DD4BC, has been active since September 2014, and last November was given a huge bitcoin bounty by Bitcoin dealer Bitalo.com after a website was knocked offline for two days.
The company says that the extortionists are still active, and in the last 10 months have carried out 141 attacks on Akamai customers. Across those attacks, the average bandwidth was 13.34 Gbps, with the largest DDoS attack reported at a staggering 56.2 Gbps.
“The bitcoin extortion campaigns launched by DD4BC in May through July 2015 involved new social tactics and DDoS methodology,” Akamai said. “As described in this case study, attacks by DD4BC increased dramatically and targeted larger organisations. Later emails varied from the standard email template observed earlier. Multiple actors may be involved.”
“DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks,” said Stuart Scholly, senior vice president & general manager of Akamai’s security division. “The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly.”
Besides carrying out DDoS attacks, DD4BC also threatened to expose targeted organisations via social media, adding to the damage caused by the DDoS attack itself. The hackers apparently have access to a substantial network of computers to flood the victim’s website with huge amounts of traffic.
Defensive Measures
Firms can take some defensive measures, however, by deploying anomaly- and signature-based DDoS detection methods to identify attacks before a website becomes unavailable to users.
Firms should also distribute resources to increase resiliency and avoid single points of failure.
Finally, businesses are advised to implement Layer 7 DDoS mitigation appliances on the network in strategic locations to reduce the threat for critical application servers.
Extortion and blackmail are unfortunately a growing problem for the online world.
Earlier this year for example, a Swiss bank confirmed that hackers publicly divulged confidential customer information after the bank declined to pay a ransom. The attackers had hacked state-owned Banque Cantonale de Geneve (BCGE) and downloaded more than 30,000 email messages between the bank and its customers.
In June 2014, popular news aggregator service Feedly fought off a DDoS attack, hours after it refused to pay the perpetrator to stop the barrage.
More recently, Toronto police warned of extortion scams and other dangerous effects caused by the release of user data linked to extramarital affairs website Ashley Madison. At least two people may have killed themselves.