Subscribe

DDoS extortion attacks on the rise

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 18 Aug 2014
'Pay up or we'll take your Web site down', so goes the adage that usually accompanies ransom-based cyber attacks, says Bryan Hamman of Arbor Networks.
'Pay up or we'll take your Web site down', so goes the adage that usually accompanies ransom-based cyber attacks, says Bryan Hamman of Arbor Networks.

While digital ransom attacks come in various types and forms, Distributed Denial of Service (DDoS) attacks are top of the list of methods used by attackers to force money from targeted companies.

So says Bryan Hamman, territory manager of Arbor Networks, who points out that in recent weeks, well-known names such as Evernote and Feedly have fallen victim to extortion attacks, but these companies are just the tip of the iceberg when it comes to this very lucrative criminal activity.

InfoSecurity Magazine reports that this year the number of network time protocol amplification attacks increased 371.43%. The average peak DDoS attack volume increased a staggering 807.48%.

The news aggregator Feedly said it had come under a DDoS attack from cyber criminals, which was preventing users from accessing its service.

"Criminals are attacking Feedly with a distributed denial of service attack. The attacker is trying to extort money from us to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can," said Feedly in a blog post.

"'Pay up or we'll take your Web site down', so goes the adage that usually accompanies ransom-based cyber-attacks," says Hamman.

According to Arbor's ninth annual Worldwide Infrastructure Security Report, DDoS extortion attacks account for 15% of all DDoS attacks.

While it may seem like a relatively small percentage, one must consider that as many as 10 000 DDoS attacks occur world-wide every day and the potential cost in damages and reputation can have a significant impact on a targeted organisation, Hamman points out.

He explains that DDoS extortion attacks are generally volumetric, high bandwidth attacks launched with the aim of crashing a company's Web site or server by bombarding it with packets, which originate from a large number of geographically distributed bots.

The size of volumetric DDoS attacks continues to increase year on year, and they remain a major threat to enterprises and Internet service providers alike, he adds.

"Traditionally, DDoS extortion attacks were used against online gambling sites, around major sporting events. Criminal gangs would initiate attacks that would bring the Web site down just before the event was to start, thus forcing the companies to choose between suffering a major loss in monetary and reputational terms or paying up. Increasingly, however, DDoS attacks are being used to extort money from all sorts of businesses and the reality is that no company should feel safe," he says.

So what is the right response when it comes to extortion demands? Hamman asks.

"The answer is simple and always the same - not to give in. Organisations should under no circumstances agree to pay the ransom - it can set a dangerous precedent and encourage more attacks in the future; while it might make the pain go away in the short term, the long-term results are generally not worth it.

"Declining to pay comes, of course, with severe consequences - as we saw from recent attacks on Feedly, who suffered from three separate waves of DDoS attacks. However, the company has now recovered from the attack and is operating as normal. Furthermore, it has been praised for its brave decision by the security community and even its own customers," says Hamman.

According to Hamman, many companies still rely on reactive measures such as router filters and firewalls, which are inefficient and not sophisticated enough to protect against organised cyber crime.

Instead, he says, organisations need to invest in preventive, multi-layered mitigation, which includes on-premise and cloud protection, as well as allowing for co-operation with their ISP or hosting company. In addition, putting a mitigation strategy in place, should the worst happen, is of crucial importance - especially as only 17% of organisations globally feel they are fully prepared for a security incident.

"By building defences, implementing plans ahead of time and refusing to give in, businesses needn't feel threatened anymore - attackers wanting to make easy money will have to look elsewhere."

Share